def get_assertions_by_subject(self, name_id=None, session_index=None,
requested_context=None):
"""
:param name_id: One of name_id or key can be used to get the authn
statement
:param session_index: If match against a session index should be done
:param requested_context: Authn statements should match a specific
authn context
:return:
"""
result = []
key = sha1(code_binary(name_id)).hexdigest()
for item in self.assertion.find({"name_id_key": key}):
assertion = from_dict(item["assertion"], ONTS, True)
if session_index or requested_context:
for statement in assertion.authn_statement:
if session_index:
if statement.session_index == session_index:
result.append(assertion)
break
if requested_context:
if context_match(requested_context,
statement.authn_context):
result.append(assertion)
break
else:
result.append(assertion)
return result
def get_assertions_by_subject(self, name_id=None, session_index=None,
requested_context=None):
"""
:param name_id: One of name_id or key can be used to get the authn
statement
:param session_index: If match against a session index should be done
:param requested_context: Authn statements should match a specific
authn context
:return:
"""
result = []
key = sha1(code_binary(name_id)).hexdigest()
for item in self.assertion.find({"name_id_key": key}):
assertion = from_dict(item["assertion"], ONTS, True)
if session_index or requested_context:
for statement in assertion.authn_statement:
if session_index:
if statement.session_index == session_index:
result.append(assertion)
break
if requested_context:
if context_match(requested_context,
statement.authn_context):
result.append(assertion)
break
else:
result.append(assertion)
return result
def get_authn_statements(self, name_id=None, key="", session_index=None,
requested_context=None):
"""
:param name_id: One of name_id or key can be used to get the authn
statement
:param key:
:param session_index:
:param requested_context:
:return:
"""
result = []
key = sha1(code(name_id)).hexdigest()
try:
statements = [from_dict(t, ONTS, True) for t in self.authn[key]]
except KeyError:
logger.info("Unknown subject %s" % name_id)
return []
for statement in statements:
if session_index:
if statement.session_index != session_index:
continue
if requested_context:
if not context_match(requested_context,
statement.authn_context):
continue
result.append(statement)
return result
def extract(self):
"""
Creates separate metadata file for each Service Provider entityID in
the original metadata files.
It will weed out SPs that fulfills any of these criteria:
1. no valid keys
2. no Assertion Consuming Services endpoints with bindings supported by
ADFS
3. no HTTPS based Assertion Consuming Service endpoints
"""
pshScript = ""
pshScriptTemplate = Template(open(self.powershell_metadata_update,
'r').read())
# for EntityDescriptor extracts SP and write a single metadata file
for eid, entity in self.mds.items():
if "spsso_descriptor" in entity:
if not self.entity_to_ignore(eid):
print "---- %s ----" % eid
entity = self.stripRolloverKeys(entity)
if not entity:
print "No working keys for %s" % eid
continue
entity = self.stripBindingsNotSupported(entity)
if not entity:
print "No working endpoints for %s" % eid
continue
fname = eid.replace('/', '_').replace('.', '_').replace(
':', '_')
fname = "".join(
[x for x in fname
if x.isalpha() or x.isdigit() or x == '-' or x == '_'])
print " ".join(["Generating XML metadata for", eid])
entityFileName = pjoin(self.metadata_dir,
fname + ".xml")
entityFile = open(entityFileName, "w")
entityFile.write("%s" % from_dict(entity, ONTS))
entityFile.close()
rulesetFileName = pjoin(self.ruleset_dir, fname)
self.ruleset_creation(self.my_claim_type,
rulesetFileName, entity)
pshScript += pshScriptTemplate.substitute(
fedName=self.fed_name_prefix,
metadataFile=entityFileName,
rpName=eid,
rulesetFile=rulesetFileName)
if pshScript:
print "Generating powershell script for Relying Party configuration update..."
pshScriptBaseTemplate = Template(open(self.powershell_base,
'r').read())
pshScript = pshScriptBaseTemplate.substitute(
fedName=self.fed_name_prefix) + pshScript
pshScriptFile = open('update_adfs_rptrust.ps1', 'w')
pshScriptFile.write(pshScript)
pshScriptFile.close()
def get_assertion(self, cid):
res = []
for item in self.assertion.find({"assertion_id": cid}):
res.append({"assertion": from_dict(item["assertion"], ONTS, True),
"to_sign": item["to_sign"]})
if len(res) == 1:
return res[0]
elif res is []:
return None
else:
raise SystemError("More then one assertion with the same ID")
def get_assertion(self, cid):
res = []
for item in self.assertion.find({"assertion_id": cid}):
res.append({"assertion": from_dict(item["assertion"], ONTS, True),
"to_sign": item["to_sign"]})
if len(res) == 1:
return res[0]
elif res is []:
return None
else:
raise SystemError("More then one assertion with the same ID")
def test_construct_contact():
c = from_dict({
"__class__": _class(md.ContactPerson),
"given_name":{"text":"Roland", "__class__": _class(md.GivenName)},
"sur_name": {"text":"Hedberg", "__class__": _class(md.SurName)},
"email_address": [{"text":"*****@*****.**",
"__class__": _class(md.EmailAddress)}],
}, ONTS)
print c
assert c.given_name.text == "Roland"
assert c.sur_name.text == "Hedberg"
assert c.email_address[0].text == "*****@*****.**"
assert _eq(c.keyswv(), ["given_name","sur_name","email_address"])
def match_local_id(self, userid, sp_name_qualifier, name_qualifier):
"""
Match a local persistent identifier.
Look for an existing persistent NameID matching userid,
sp_name_qualifier and name_qualifier.
"""
filter = {
"name_id.sp_name_qualifier": sp_name_qualifier,
"name_id.name_qualifier": name_qualifier,
"name_id.format": NAMEID_FORMAT_PERSISTENT,
}
res = self.mdb.get(value=userid, **filter)
if not res:
return None
return from_dict(res[0]["name_id"], ONTS, True)
def find_nameid(self, userid, nformat=None, sp_name_qualifier=None,
name_qualifier=None, sp_provided_id=None, **nvargs):
kwargs = {}
if nformat:
kwargs["name_format"] = nformat
if sp_name_qualifier:
kwargs["sp_name_qualifier"] = sp_name_qualifier
if name_qualifier:
kwargs["name_qualifier"] = name_qualifier
if sp_provided_id:
kwargs["sp_provided_id"] = sp_provided_id
res = []
for item in self.mdb.get(userid, **kwargs):
res.append(from_dict(item["name_id"], ONTS, True))
return res
def match_local_id(self, userid, sp_name_qualifier, name_qualifier):
"""
Match a local persistent identifier.
Look for an existing persistent NameID matching userid,
sp_name_qualifier and name_qualifier.
"""
filter = {
"name_id.sp_name_qualifier": sp_name_qualifier,
"name_id.name_qualifier": name_qualifier,
"name_id.format": NAMEID_FORMAT_PERSISTENT,
}
res = self.mdb.get(value=userid, **filter)
if not res:
return None
return from_dict(res[0]["name_id"], ONTS, True)
def find_nameid(self, userid, nformat=None, sp_name_qualifier=None,
name_qualifier=None, sp_provided_id=None):
kwargs = {}
if nformat:
kwargs["name_format"] = nformat
if sp_name_qualifier:
kwargs["sp_name_qualifier"] = sp_name_qualifier
if name_qualifier:
kwargs["name_qualifier"] = name_qualifier
if sp_provided_id:
kwargs["sp_provided_id"] = sp_provided_id
res = []
for item in self.mdb.get(userid, **kwargs):
res.append(from_dict(item["name_id"], ONTS, True))
return res
def test_construct_contact():
c = from_dict(
{
"__class__":
_class(md.ContactPerson),
"given_name": {
"text": "Roland",
"__class__": _class(md.GivenName)
},
"sur_name": {
"text": "Hedberg",
"__class__": _class(md.SurName)
},
"email_address": [{
"text": "*****@*****.**",
"__class__": _class(md.EmailAddress)
}],
}, ONTS)
print c
assert c.given_name.text == "Roland"
assert c.sur_name.text == "Hedberg"
assert c.email_address[0].text == "*****@*****.**"
assert _eq(c.keyswv(), ["given_name", "sur_name", "email_address"])
__author__ = 'rolandh'
from saml2.mdie import from_dict
import xmldsig
import xmlenc
from saml2 import md
from saml2 import saml
from saml2.extension import dri
from saml2.extension import idpdisc
from saml2.extension import mdattr
from saml2.extension import mdui
from saml2.extension import ui
ONTS = {
dri.NAMESPACE: dri,
idpdisc.NAMESPACE: idpdisc,
md.NAMESPACE: md,
mdattr.NAMESPACE: mdattr,
mdui.NAMESPACE: mdui,
saml.NAMESPACE: saml,
ui.NAMESPACE: ui,
xmlenc.NAMESPACE: xmlenc,
xmldsig.NAMESPACE: xmldsig,
}
_dict = eval(open(sys.argv[1]).read())
res = from_dict(_dict, ONTS)
print res
def get_assertion(self, cid):
_dict = self.assertion[cid]
return {"assertion": from_dict(_dict["assertion"], ONTS, True),
"to_sign": _dict["to_sign"]}
