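    def validate_metadata(self, xml):
        """
        Validates an XML SP Metadata document.

        The checks run in order and stop at the first failure: the XML is
        validated against ``saml-schema-metadata-2.0.xsd``, the root element
        must be ``md:EntityDescriptor``, exactly one ``md:SPSSODescriptor``
        must be present, and the document must not be expired according to
        its ``validUntil`` / ``cacheDuration`` attributes.

        The metadata signature is NOT checked here (see the TODO below), so
        an empty result does not prove the document is authentic.

        :param xml: Metadata's XML that will be validated
        :type xml: string

        :returns: The list of found errors (empty when the metadata is valid)
        :rtype: list

        :raises Exception: if ``xml`` is an empty string
        """
        # Kept as an assert for compatibility with existing callers; note it
        # is stripped under ``python -O``.
        assert isinstance(xml, basestring)

        if not xml:
            raise Exception('Empty string supplied as input')

        errors = []
        res = OneLogin_Saml2_Utils.validate_xml(
            xml, 'saml-schema-metadata-2.0.xsd', self.__debug)
        # validate_xml hands back the parsed minidom Document on success;
        # anything else is the error identifier and is reported as-is.
        if not isinstance(res, Document):
            errors.append(res)
            return errors

        element = res.documentElement
        # Exact comparison: ``tagName not in '<string>'`` would be a substring
        # test and would accept '' or fragments such as 'Entity'. minidom's
        # tagName keeps the literal prefix, so the unprefixed form (default
        # namespace) is still accepted here and then fails the prefixed
        # descriptor lookup below.
        if element.tagName not in ('md:EntityDescriptor', 'EntityDescriptor'):
            errors.append('noEntityDescriptor_xml')
            return errors

        # NOTE(review): getElementsByTagName matches the literal qualified
        # name, so metadata that binds the md namespace to another prefix is
        # reported here as lacking an SPSSODescriptor — confirm this is intended.
        if len(element.getElementsByTagName('md:SPSSODescriptor')) != 1:
            errors.append('onlySPSSODescriptor_allowed_xml')
            return errors

        valid_until = cache_duration = None
        if element.hasAttribute('validUntil'):
            valid_until = OneLogin_Saml2_Utils.parse_SAML_to_time(
                element.getAttribute('validUntil'))
        if element.hasAttribute('cacheDuration'):
            cache_duration = element.getAttribute('cacheDuration')

        # get_expire_time returns None when neither attribute bounds the
        # lifetime, i.e. the metadata never expires.
        expire_time = OneLogin_Saml2_Utils.get_expire_time(
            cache_duration, valid_until)
        if expire_time is not None and int(time()) > int(expire_time):
            errors.append('expired_xml')

        # TODO: Validate Sign

        return errors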
    def validate_metadata(self, xml):
        """
        Validates an XML SP Metadata document.

        Runs, in order: schema validation against
        ``saml-schema-metadata-2.0.xsd``, a root-element check for
        ``md:EntityDescriptor``, a check that exactly one
        ``md:SPSSODescriptor`` exists, and an expiry check based on the
        ``validUntil`` / ``cacheDuration`` attributes. The first failing
        check is the only one reported.

        The metadata signature is not verified here (see the TODO below).

        :param xml: Metadata's XML that will be validated
        :type xml: string

        :returns: The list of found errors (empty when the metadata is valid)
        :rtype: list

        :raises Exception: if ``xml`` is an empty string
        """
        assert isinstance(xml, compat.text_types)

        if not xml:
            raise Exception('Empty string supplied as input')

        found = []
        parsed = OneLogin_Saml2_XML.validate_xml(
            xml, 'saml-schema-metadata-2.0.xsd', self.__debug)

        # A str result is the schema-validation error identifier.
        if isinstance(parsed, str):
            found.append(parsed)
            return found

        entity_tag = '{%s}EntityDescriptor' % OneLogin_Saml2_Constants.NS_MD
        if parsed.tag != entity_tag:
            found.append('noEntityDescriptor_xml')
            return found

        sp_descriptors = parsed.findall(
            './/md:SPSSODescriptor', namespaces=OneLogin_Saml2_Constants.NSMAP)
        if len(sp_descriptors) != 1:
            found.append('onlySPSSODescriptor_allowed_xml')
            return found

        valid_until = parsed.get('validUntil')
        if valid_until:
            valid_until = OneLogin_Saml2_Utils.parse_SAML_to_time(valid_until)
        # None means no lifetime bound was given, i.e. never expires.
        expire_time = OneLogin_Saml2_Utils.get_expire_time(
            parsed.get('cacheDuration'), valid_until)
        if expire_time is not None and int(time()) > int(expire_time):
            found.append('expired_xml')

        # TODO: Validate Sign

        return found
    def testGetExpireTime(self):
        """
        Tests the get_expire_time method of the OneLogin_Saml2_Utils
        """
        get_expire_time = OneLogin_Saml2_Utils.get_expire_time

        # No cacheDuration and no validUntil: no expiry at all.
        self.assertEqual(None, get_expire_time())
        # A cacheDuration alone still produces an expiry instant.
        self.assertNotEqual(None, get_expire_time('PT360000S'))

        # A past validUntil is returned as the bound, whether given as a
        # SAML timestamp string or as epoch seconds.
        for valid_until in ('2010-12-10T04:39:31Z', 1291955971):
            self.assertEqual('1291955971', get_expire_time('PT360000S', valid_until))

        # A validUntil far in the future (2074) is not returned verbatim;
        # the cacheDuration bound presumably wins — see get_expire_time.
        # NOTE(review): 1418186371 is 2014-12-10T04:39:31Z, not 2074, so the
        # second case below can never equal '3311642371' — verify the intent.
        for valid_until in ('2074-12-10T04:39:31Z', 1418186371):
            self.assertNotEqual('3311642371', get_expire_time('PT360000S', valid_until))
    def testGetExpireTime(self):
        """
        Tests the get_expire_time method of the OneLogin_Saml2_Utils
        """
        duration = 'PT360000S'
        past_epoch = '1291955971'        # 2010-12-10T04:39:31Z
        far_future_epoch = '3311642371'  # 2074-12-10T04:39:31Z

        # Without any bound there is no expiry; a duration alone gives one.
        self.assertEqual(None, OneLogin_Saml2_Utils.get_expire_time())
        self.assertNotEqual(None, OneLogin_Saml2_Utils.get_expire_time(duration))

        # A past validUntil is returned as-is (string or epoch-int input).
        self.assertEqual(past_epoch, OneLogin_Saml2_Utils.get_expire_time(duration, '2010-12-10T04:39:31Z'))
        self.assertEqual(past_epoch, OneLogin_Saml2_Utils.get_expire_time(duration, 1291955971))

        # A far-future validUntil is not returned verbatim.
        # NOTE(review): 1418186371 is 2014-12-10, not the 2074 instant named
        # above, so the last assertion cannot fail — confirm the intent.
        self.assertNotEqual(far_future_epoch, OneLogin_Saml2_Utils.get_expire_time(duration, '2074-12-10T04:39:31Z'))
        self.assertNotEqual(far_future_epoch, OneLogin_Saml2_Utils.get_expire_time(duration, 1418186371))
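    def validate_metadata(self, xml):
        """
        Validates an XML SP Metadata document.

        The checks run in order and stop at the first failure: the XML is
        validated against ``saml-schema-metadata-2.0.xsd``, the root element
        must be ``md:EntityDescriptor``, exactly one ``md:SPSSODescriptor``
        must be present, and the document must not be expired according to
        its ``validUntil`` / ``cacheDuration`` attributes.

        The metadata signature is NOT checked here (see the TODO below), so
        an empty result does not prove the document is authentic.

        :param xml: Metadata's XML that will be validated
        :type xml: string

        :returns: The list of found errors (empty when the metadata is valid)
        :rtype: list

        :raises Exception: if ``xml`` is an empty string
        """
        # Local import: ``datetime.strftime('%s')`` is a platform extension
        # (not available on every libc); time.time() is portable.
        import time

        # Kept as an assert for compatibility with existing callers; note it
        # is stripped under ``python -O``.
        assert isinstance(xml, basestring)

        if not xml:
            raise Exception('Empty string supplied as input')

        errors = []
        res = OneLogin_Saml2_Utils.validate_xml(xml, 'saml-schema-metadata-2.0.xsd', self.__debug)
        # validate_xml hands back the parsed minidom Document on success;
        # anything else is the error identifier and is reported as-is.
        if not isinstance(res, Document):
            errors.append(res)
            return errors

        element = res.documentElement
        # Exact comparison: ``tagName not in '<string>'`` would be a substring
        # test and would accept '' or fragments such as 'Entity'. minidom's
        # tagName keeps the literal prefix, so the unprefixed form (default
        # namespace) is still accepted here and then fails the prefixed
        # descriptor lookup below.
        if element.tagName not in ('md:EntityDescriptor', 'EntityDescriptor'):
            errors.append('noEntityDescriptor_xml')
            return errors

        # NOTE(review): getElementsByTagName matches the literal qualified
        # name, so metadata that binds the md namespace to another prefix is
        # reported here as lacking an SPSSODescriptor — confirm this is intended.
        if len(element.getElementsByTagName('md:SPSSODescriptor')) != 1:
            errors.append('onlySPSSODescriptor_allowed_xml')
            return errors

        valid_until = cache_duration = None
        if element.hasAttribute('validUntil'):
            valid_until = OneLogin_Saml2_Utils.parse_SAML_to_time(element.getAttribute('validUntil'))
        if element.hasAttribute('cacheDuration'):
            cache_duration = element.getAttribute('cacheDuration')

        # get_expire_time returns None when neither attribute bounds the
        # lifetime, i.e. the metadata never expires.
        expire_time = OneLogin_Saml2_Utils.get_expire_time(cache_duration, valid_until)
        if expire_time is not None and int(time.time()) > int(expire_time):
            errors.append('expired_xml')

        # TODO: Validate Sign

        return errors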
    def validate_metadata(self, xml):
        """
        Validates an XML SP Metadata document.

        At most one problem is reported: the first of schema validation
        (``saml-schema-metadata-2.0.xsd``), root element not being
        ``md:EntityDescriptor``, a count of ``md:SPSSODescriptor`` elements
        other than one, or expiry per ``validUntil`` / ``cacheDuration``.

        The metadata signature is not verified here (see the TODO below).

        :param xml: Metadata's XML that will be validated
        :type xml: string

        :returns: The list of found errors (empty when the metadata is valid)
        :rtype: list

        :raises Exception: if ``xml`` is an empty string
        """
        assert isinstance(xml, compat.text_types)

        if not xml:
            raise Exception('Empty string supplied as input')

        problem = None
        tree = OneLogin_Saml2_XML.validate_xml(xml, 'saml-schema-metadata-2.0.xsd', self.__debug)

        if isinstance(tree, str):
            # A str result is the schema-validation error identifier.
            problem = tree
        elif tree.tag != '{%s}EntityDescriptor' % OneLogin_Saml2_Constants.NS_MD:
            problem = 'noEntityDescriptor_xml'
        elif len(tree.findall('.//md:SPSSODescriptor', namespaces=OneLogin_Saml2_Constants.NSMAP)) != 1:
            problem = 'onlySPSSODescriptor_allowed_xml'
        else:
            until = tree.get('validUntil')
            if until:
                until = OneLogin_Saml2_Utils.parse_SAML_to_time(until)
            # None means no lifetime bound was given, i.e. never expires.
            expires = OneLogin_Saml2_Utils.get_expire_time(tree.get('cacheDuration'), until)
            if expires is not None and int(time()) > int(expires):
                problem = 'expired_xml'

        # TODO: Validate Sign

        return [] if problem is None else [problem]
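    def validate_metadata(self,
                          xml,
                          fingerprint=None,
                          fingerprintalg='sha1',
                          validatecert=False):
        """
        Validates an XML SP Metadata document and checks its signature.

        Schema-level checks run in order and stop at the first failure:
        validation against ``saml-schema-metadata-2.0.xsd``, root element
        ``md:EntityDescriptor``, exactly one ``md:SPSSODescriptor``, and
        expiry per ``validUntil`` / ``cacheDuration``. The signature check
        runs regardless of the schema outcome.

        :param xml: Metadata's XML that will be validated
        :type xml: string

        :param fingerprint: The fingerprint of the public cert
        :type: string

        :param fingerprintalg: The algorithm used to build the fingerprint.
            The ``'sha1'`` default is kept for compatibility; prefer a
            stronger digest where the caller's tooling supports it.
        :type: string

        :param validatecert: If true, will verify the signature and if the cert is valid.
        :type: bool

        :returns: a dictionary with keys ``schemaValidate`` (bool),
            ``signCheck`` (bool), ``error`` (int) and ``msg`` (str).
            ``error`` is 1 for a missing EntityDescriptor, 2 for a wrong
            SPSSODescriptor count, 3 for expired metadata; it stays 0 both
            on success and on a schema-validation failure, so callers must
            test ``schemaValidate`` rather than ``error``. Callers that need
            integrity must also test ``signCheck``.
        :rtype: dict

        :raises Exception: if ``xml`` is an empty string
        """
        result = {
            'schemaValidate': True,
            'signCheck': False,
            'error': 0,
            'msg': ''
        }

        assert isinstance(xml, compat.text_types)

        if not xml:
            raise Exception('Empty string supplied as input')

        def fail(msg, code=0):
            # Record a schema-level failure; only the first one is kept
            # because the checks below are mutually exclusive branches.
            result['msg'] = msg
            result['error'] = code
            result['schemaValidate'] = False

        # Name-mangled access to the base class's private debug flag.
        root = OneLogin_Saml2_XML.validate_xml(
            xml, 'saml-schema-metadata-2.0.xsd',
            self._OneLogin_Saml2_Settings__debug)
        if isinstance(root, str):
            # A str result is the schema-validation error identifier.
            fail(root)
        elif root.tag != '{%s}EntityDescriptor' % OneLogin_Saml2_Constants.NS_MD:
            fail('noEntityDescriptor_xml', 1)
        elif len(root.findall('.//md:SPSSODescriptor',
                              namespaces=OneLogin_Saml2_Constants.NSMAP)) != 1:
            fail('onlySPSSODescriptor_allowed_xml', 2)
        else:
            valid_until = root.get('validUntil')
            if valid_until:
                valid_until = OneLogin_Saml2_Utils.parse_SAML_to_time(valid_until)
            # None means no lifetime bound was given, i.e. never expires.
            expire_time = OneLogin_Saml2_Utils.get_expire_time(
                root.get('cacheDuration'), valid_until)
            if expire_time is not None and int(time()) > int(expire_time):
                fail('expired_xml', 3)

        # Validate Sign
        sign_ok = OneLogin_Saml2_Utils.validate_metadata_sign(
            xml,
            fingerprint=fingerprint,
            fingerprintalg=fingerprintalg,
            validatecert=validatecert)
        if sign_ok:
            result['signCheck'] = True

        return result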