def load_metadata(self, metadata_conf): """ Loads metadata into an internal structure """ acs = self.attribute_converters if acs is None: raise ConfigurationError( "Missing attribute converter specification") try: ca_certs = self.ca_certs except: ca_certs = None try: disable_validation = self.disable_ssl_certificate_validation except: disable_validation = False mds = MetadataStore( acs, self, ca_certs, disable_ssl_certificate_validation=disable_validation) mds.imp(metadata_conf) return mds
def test_shibmd_scope_no_regex_all_descriptors(): mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["15"]) scopes = mds.sbibmd_scopes(entity_id='http://example.com/saml2/idp.xml', typ="idpsso_descriptor") all_scopes = list(scopes) expected = [ { "regexp": False, "text": "descriptor-example.org", }, { "regexp": True, "text": regex_compile("descriptor-example[^0-9]*\.org"), }, { "regexp": False, "text": "idpssodescriptor-example.org", }, ] assert len(all_scopes) == 3 assert all_scopes == expected
def test_xmlsec_err_non_ascii_ava(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", full_path("idp_example.xml")) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory( saml.Assertion, version="2.0", id="11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("11111", sec.my_cert, 1), attribute_statement=do_attribute_statement( {("", "", "surName"): ("Föö", ""), ("", "", "givenName"): ("Bär", ""), }) ) try: sec.sign_statement(assertion, class_name(assertion), key_file=full_path("tes.key"), node_id=assertion.id) except (XmlsecError, SigverError) as err: # should throw an exception pass else: assert False
def test_get_certs_from_metadata(): mds = MetadataStore(ONTS.values(), ATTRCONV, None) mds.imp(METADATACONF["11"]) certs1 = mds.certs("http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php", "any") certs2 = mds.certs("http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php", "idpsso") assert certs1[0] == certs2[0] == TEST_CERT
def test_filter_ava3(): policy = Policy({ "default": { "lifetime": { "minutes": 15 }, #"attribute_restrictions": None # means all I have "entity_categories": ["swamid"] } }) mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp([{ "class": "saml2.mdstore.MetaDataFile", "metadata": [(full_path("entity_cat_sfs_hei.xml"), )] }]) ava = { "givenName": ["Derek"], "sn": ["Jeter"], "mail": ["*****@*****.**"], "c": ["USA"], "eduPersonTargetedID": "foo!bar!xyz", "norEduPersonNIN": "19800101134" } ava = policy.filter(ava, "urn:mace:example.com:saml:roland:sp", mds) assert _eq(ava.keys(), ['eduPersonTargetedID', "norEduPersonNIN"])
def test_sha256_signing(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", IDP_EXAMPLE) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory(saml.Assertion, version="2.0", id="11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part( "11111", sec.my_cert, 1, sign_alg=SIG_RSA_SHA256), attribute_statement=do_attribute_statement({ ("", "", "surName"): ("Foo", ""), ("", "", "givenName"): ("Bar", ""), })) s = sec.sign_statement(assertion, class_name(assertion), key_file=PRIV_KEY, node_id=assertion.id) assert s
def test_swami_1(): UMU_IDP = 'https://idp.umu.se/saml2/idp/metadata.php' mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["1"]) assert len(mds) == 1 # One source idps = mds.with_descriptor("idpsso") assert idps.keys() idpsso = mds.single_sign_on_service(UMU_IDP) assert len(idpsso) == 1 assert list(locations(idpsso)) == [ 'https://idp.umu.se/saml2/idp/SSOService.php' ] _name = name(mds[UMU_IDP]) assert _name == u'Umeå University (SAML2)' certs = mds.certs(UMU_IDP, "idpsso", "signing") assert len(certs) == 1 sps = mds.with_descriptor("spsso") assert len(sps) == 108 wants = mds.attribute_requirement('https://connect8.sunet.se/shibboleth') lnamn = [d_to_local_name(mds.attrc, attr) for attr in wants["optional"]] assert _eq(lnamn, ['eduPersonPrincipalName', 'mail', 'givenName', 'sn', 'eduPersonScopedAffiliation']) wants = mds.attribute_requirement('https://beta.lobber.se/shibboleth') assert wants["required"] == [] lnamn = [d_to_local_name(mds.attrc, attr) for attr in wants["optional"]] assert _eq(lnamn, ['eduPersonPrincipalName', 'mail', 'givenName', 'sn', 'eduPersonScopedAffiliation', 'eduPersonEntitlement'])
def test_metadata_file(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(list(ONTS.values()), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["8"]) print((len(list(mds.keys())))) assert len(list(mds.keys())) == 560
def test_xmlsec_err(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", full_path("idp_example.xml")) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory( saml.Assertion, version="2.0", id="11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("11111", sec.my_cert, 1), attribute_statement=do_attribute_statement( {("", "", "surName"): ("Foo", ""), ("", "", "givenName"): ("Bar", ""), }) ) try: sec.sign_statement(assertion, class_name(assertion), key_file=full_path("tes.key"), node_id=assertion.id) except (XmlsecError, SigverError) as err: # should throw an exception pass else: assert False
def test_xmlsec_err_non_ascii_ava(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", IDP_EXAMPLE) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory( saml.Assertion, version="2.0", id="11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("11111", sec.my_cert, 1), attribute_statement=do_attribute_statement( {("", "", "surName"): ("Föö", ""), ("", "", "givenName"): ("Bär", ""), }) ) with raises(XmlsecError): sec.sign_statement( assertion, class_name(assertion), key_file=INVALID_KEY, node_id=assertion.id, )
def test_xbox_non_ascii_ava(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", IDP_EXAMPLE) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory( saml.Assertion, version="2.0", id="11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("11111", sec.my_cert, 1), attribute_statement=do_attribute_statement( { ("", "", "surName"): ("Föö", ""), ("", "", "givenName"): ("Bär", ""), } ) ) sigass = sec.sign_statement( assertion, class_name(assertion), key_file=PRIV_KEY, node_id=assertion.id, ) _ass0 = saml.assertion_from_string(sigass) encrypted_assertion = EncryptedAssertion() encrypted_assertion.add_extension_element(_ass0) _, pre = make_temp( str(pre_encryption_part()).encode('utf-8'), decode=False ) enctext = sec.crypto.encrypt( str(encrypted_assertion), conf.cert_file, pre, "des-192", '/*[local-name()="EncryptedAssertion"]/*[local-name()="Assertion"]', ) decr_text = sec.decrypt(enctext, key_file=PRIV_KEY) _seass = saml.encrypted_assertion_from_string(decr_text) assertions = [] assers = extension_elements_to_elements( _seass.extension_elements, [saml, samlp] ) for ass in assers: _txt = sec.verify_signature( str(ass), PUB_KEY, node_name=class_name(assertion) ) if _txt: assertions.append(ass) assert assertions print(assertions)
def load_metadata(self, metadata_conf): """ Loads metadata into an internal structure """ acs = self.attribute_converters if acs is None: raise ConfigurationError( "Missing attribute converter specification") try: ca_certs = self.ca_certs except: ca_certs = None try: disable_validation = self.disable_ssl_certificate_validation except: disable_validation = False mds = MetadataStore( ONTS.values(), acs, self, ca_certs, disable_ssl_certificate_validation=disable_validation) mds.imp(metadata_conf) return mds
def test_xmlsec_err_non_ascii_ava(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", IDP_EXAMPLE) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory(saml.Assertion, version="2.0", id="11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part( "11111", sec.my_cert, 1), attribute_statement=do_attribute_statement({ ("", "", "surName"): ("Föö", ""), ("", "", "givenName"): ("Bär", ""), })) with raises(XmlsecError): sec.sign_statement( assertion, class_name(assertion), key_file=INVALID_KEY, node_id=assertion.id, )
def load_metadata(self, metadata_conf): """ Loads metadata into an internal structure """ xmlsec_binary = self.xmlsec_binary acs = self.attribute_converters if xmlsec_binary is None: raise Exception("Missing xmlsec1 specification") if acs is None: raise Exception("Missing attribute converter specification") try: ca_certs = self.ca_certs except: ca_certs = None try: disable_validation = self.disable_ssl_certificate_validation except: disable_validation = False mds = MetadataStore(ONTS.values(), acs, xmlsec_binary, ca_certs, disable_ssl_certificate_validation=disable_validation) mds.imp(metadata_conf) return mds
def test_registration_info_no_policy(): mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["13"]) registration_info = mds.registration_info(entity_id='https://idp.szie.hu/idp/shibboleth') assert 'http://eduid.hu' == registration_info['registration_authority'] assert registration_info['registration_instant'] is None assert registration_info['registration_policy'] == {}
def test_extension(): mds = MetadataStore(ATTRCONV, None) # use ordered dict to force expected entity to be last metadata = OrderedDict() metadata["1"] = {"entity1": {}} metadata["2"] = {"entity2": {"idpsso_descriptor": [{"extensions": {"extension_elements": [{"__class__": "test"}]}}]}} mds.metadata = metadata assert mds.extension("entity2", "idpsso_descriptor", "test")
def test_load_local_dir(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["9"]) print mds assert len(mds) == 3 # Three sources assert len(mds.keys()) == 4 # number of idps
def test_registration_info(): mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["13"]) registration_info = mds.registration_info(entity_id='https://aai-idp.unibe.ch/idp/shibboleth') assert 'http://rr.aai.switch.ch/' == registration_info['registration_authority'] assert '2013-06-15T18:15:03Z' == registration_info['registration_instant'] assert 'https://www.switch.ch/aai/federation/switchaai/metadata-registration-practice-statement-20110711.txt' == \ registration_info['registration_policy']['en']
def test_load_local_dir(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["9"]) print(mds) assert len(mds) == 3 # Three sources assert len(mds.keys()) == 4 # number of idps
def __init__(self, idp_conf, logger, conf, publicKey, privateKey, metadataList): """ Constructor. Initiates the class. :param logger: Logger to be used when something needs to be logged. :param conf: idp_proxy_conf see IdpProxy/conig/idp_proxy_conf.example.py :param key: A RSA key to be used for encryption. :param metadataList: A list of metadata files. [{"local": ["swamid-1.0.xml"]}, {"local": ["sp.xml"]}] :raise: """ if (logger is None) or (conf is None) or (publicKey is None)or (privateKey is None): raise ValueError( "A new instance must include a value for logger, conf and key.") #Public key to be used for encryption. self.publicKey = publicKey self.privateKey = privateKey #Used for presentation of mako files. self.lookup = TemplateLookup( directories=[MetadataGeneration.CONST_STATIC_MAKO + 'templates', MetadataGeneration.CONST_STATIC_MAKO + 'htdocs'], module_directory='modules', input_encoding='utf-8', output_encoding='utf-8') #The logger. self.logger = logger #A list of all social services used by this IdPproxy. self.socialServiceKeyList = [] #A list of all service providers used by this sp. self.spKeyList = [] for key in conf: self.socialServiceKeyList.append(conf[key]["name"]) try: xmlsec_path = get_xmlsec_binary(["/opt/local/bin"]) except: try: xmlsec_path = get_xmlsec_binary(["/usr/local/bin"]) except: self.logger.info('Xmlsec must be installed! Tries /usr/bin/xmlsec1.') xmlsec_path = '/usr/bin/xmlsec1' self.xmlsec_path = xmlsec_path config = Config() config.disable_ssl_certificate_validation = True config.key_file = idp_conf["key_file"] config.cert_file = idp_conf["cert_file"] config.xmlsec_binary = idp_conf["xmlsec_binary"] config.debug = idp_conf["debug"] for metadata in metadataList: mds = MetadataStore(MetadataGeneration.CONST_ONTS.values(), MetadataGeneration.CONST_ATTRCONV, config) mds.imp(metadata) for entityId in mds.keys(): self.spKeyList.append(entityId)
def test_load_external(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["10"]) print(mds) assert len(mds) == 1 # One source assert len(mds.keys()) > 1 # number of idps
def test_ext_2(): mds = MetadataStore(list(ONTS.values()), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["3"]) # No specific binding defined ents = mds.with_descriptor("spsso") for binding in [BINDING_SOAP, BINDING_HTTP_POST, BINDING_HTTP_ARTIFACT, BINDING_HTTP_REDIRECT]: assert mds.single_logout_service(list(ents.keys())[0], binding, "spsso")
def test_load_external(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["10"]) print(mds) assert len(mds) == 1 # One source assert len(mds.keys()) > 1 # number of idps
def test_xbox_non_ascii_ava(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", IDP_EXAMPLE) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory(saml.Assertion, version="2.0", id="11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part( "11111", sec.my_cert, 1), attribute_statement=do_attribute_statement({ ("", "", "surName"): ("Föö", ""), ("", "", "givenName"): ("Bär", ""), })) sigass = sec.sign_statement( assertion, class_name(assertion), key_file=PRIV_KEY, node_id=assertion.id, ) _ass0 = saml.assertion_from_string(sigass) encrypted_assertion = EncryptedAssertion() encrypted_assertion.add_extension_element(_ass0) _, pre = make_temp(str(pre_encryption_part()).encode('utf-8'), decode=False) enctext = sec.crypto.encrypt( str(encrypted_assertion), conf.cert_file, pre, "des-192", '/*[local-name()="EncryptedAssertion"]/*[local-name()="Assertion"]', ) decr_text = sec.decrypt(enctext, key_file=PRIV_KEY) _seass = saml.encrypted_assertion_from_string(decr_text) assertions = [] assers = extension_elements_to_elements(_seass.extension_elements, [saml, samlp]) for ass in assers: _txt = sec.verify_signature(str(ass), PUB_KEY, node_name=class_name(assertion)) if _txt: assertions.append(ass) assert assertions print(assertions)
def test_load_extern_incommon(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["10"]) print(mds) assert mds assert len(mds.keys())
def test_filter_ava_esi_coco(): entity_id = "https://esi-coco.example.edu/saml2/metadata/" mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp([{ "class": "saml2.mdstore.MetaDataFile", "metadata": [(full_path("entity_esi_and_coco_sp.xml"), )] }]) policy_conf = { "default": { "lifetime": { "minutes": 15 }, "entity_categories": ["swamid"] } } policy = Policy(policy_conf, mds) ava = { "givenName": ["Test"], "sn": ["Testsson"], "mail": ["*****@*****.**"], "c": ["SE"], "schacHomeOrganization": ["example.com"], "eduPersonScopedAffiliation": ["*****@*****.**"], "schacPersonalUniqueCode": [ "urn:schac:personalUniqueCode:int:esi:ladok.se:externtstudentuid-00000000-1111-2222-3333-444444444444" ] } requested_attributes = [{ 'friendly_name': 'eduPersonScopedAffiliation', 'name': '1.3.6.1.4.1.5923.1.1.1.9', 'name_format': NAME_FORMAT_URI, 'is_required': 'true' }, { 'friendly_name': 'schacHomeOrganization', 'name': '1.3.6.1.4.1.25178.1.2.9', 'name_format': NAME_FORMAT_URI, 'is_required': 'true' }] ava = policy.filter(ava, entity_id, required=requested_attributes) assert _eq(list(ava.keys()), [ 'eduPersonScopedAffiliation', 'schacHomeOrganization', 'schacPersonalUniqueCode' ]) assert _eq(ava["eduPersonScopedAffiliation"], ["*****@*****.**"]) assert _eq(ava["schacHomeOrganization"], ["example.com"]) assert _eq(ava["schacPersonalUniqueCode"], [ "urn:schac:personalUniqueCode:int:esi:ladok.se:externtstudentuid-00000000-1111-2222-3333-444444444444" ])
def test_xbox(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", full_path("idp_example.xml")) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory(saml.Assertion, version="2.0", id="11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part( "11111", sec.my_cert, 1), attribute_statement=do_attribute_statement({ ("", "", "surName"): ("Foo", ""), ("", "", "givenName"): ("Bar", ""), })) sigass = sec.sign_statement(assertion, class_name(assertion), key_file=full_path("test.key"), node_id=assertion.id) _ass0 = saml.assertion_from_string(sigass) encrypted_assertion = EncryptedAssertion() encrypted_assertion.add_extension_element(_ass0) _, pre = make_temp(str(pre_encryption_part()).encode('utf-8'), decode=False) enctext = sec.crypto.encrypt( str(encrypted_assertion), conf.cert_file, pre, "des-192", '/*[local-name()="EncryptedAssertion"]/*[local-name()="Assertion"]') decr_text = sec.decrypt(enctext) _seass = saml.encrypted_assertion_from_string(decr_text) assertions = [] assers = extension_elements_to_elements(_seass.extension_elements, [saml, samlp]) sign_cert_file = full_path("test.pem") for ass in assers: _ass = "%s" % ass #_ass = _ass.replace('xsi:nil="true" ', '') #assert sigass == _ass _txt = sec.verify_signature(_ass, sign_cert_file, node_name=class_name(assertion)) if _txt: assertions.append(ass) print(assertions)
def test_swamid_idp(): mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True, filter=AllowDescriptor(["idpsso"])) mds.imp(METADATACONF["1"]) sps = mds.with_descriptor("spsso") assert len(sps) == 0 idps = mds.with_descriptor("idpsso") assert len(idps) == 275
def create_metadata(self, metadata): # For database implementation #mds = MetaDataStoreDB(db, self.config.attribute_converters, self.config) #mds.load_from_database() mds = MetadataStore(self.config.attribute_converters, self.config) mds.imp(metadata) return mds
def test_load_extern_incommon(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["10"]) print(mds) assert mds assert len(mds.keys())
def test_switch_1(): mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["5"]) assert len(mds.keys()) > 160 idps = mds.with_descriptor("idpsso") print(idps.keys()) idpsso = mds.single_sign_on_service( 'https://aai-demo-idp.switch.ch/idp/shibboleth') assert len(idpsso) == 1 print(idpsso) assert destinations(idpsso) == [ 'https://aai-demo-idp.switch.ch/idp/profile/SAML2/Redirect/SSO'] assert len(idps) > 30 aas = mds.with_descriptor("attribute_authority") print(aas.keys()) aad = aas['https://aai-demo-idp.switch.ch/idp/shibboleth'] print(aad.keys()) assert len(aad["attribute_authority_descriptor"]) == 1 assert len(aad["idpsso_descriptor"]) == 1 sps = mds.with_descriptor("spsso") dual = [eid for eid, ent in idps.items() if eid in sps] print(len(dual)) assert len(dual) == 0
def test_incommon_1(): mds = MetadataStore(list(ONTS.values()), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["2"]) print((mds.entities())) assert mds.entities() > 1700 idps = mds.with_descriptor("idpsso") print((list(idps.keys()))) assert len(idps) > 300 # ~ 18% try: _ = mds.single_sign_on_service("urn:mace:incommon:uiuc.edu") except UnknownPrincipal: pass idpsso = mds.single_sign_on_service("urn:mace:incommon:alaska.edu") assert len(idpsso) == 1 print(idpsso) assert destinations(idpsso) == ["https://idp.alaska.edu/idp/profile/SAML2/Redirect/SSO"] sps = mds.with_descriptor("spsso") acs_sp = [] for nam, desc in list(sps.items()): if "attribute_consuming_service" in desc: acs_sp.append(nam) assert len(acs_sp) == 0 # Look for attribute authorities aas = mds.with_descriptor("attribute_authority") print((list(aas.keys()))) assert len(aas) == 180
def test_swami_1(): UMU_IDP = 'https://idp.umu.se/saml2/idp/metadata.php' mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["1"]) assert len(mds) == 1 # One source idps = mds.with_descriptor("idpsso") assert idps.keys() idpsso = mds.single_sign_on_service(UMU_IDP) assert len(idpsso) == 1 assert destinations(idpsso) == [ 'https://idp.umu.se/saml2/idp/SSOService.php'] _name = name(mds[UMU_IDP]) assert _name == u'Umeå University (SAML2)' certs = mds.certs(UMU_IDP, "idpsso", "signing") assert len(certs) == 1 sps = mds.with_descriptor("spsso") assert len(sps) == 108 wants = mds.attribute_requirement('https://connect8.sunet.se/shibboleth') lnamn = [d_to_local_name(mds.attrc, attr) for attr in wants["optional"]] assert _eq(lnamn, ['eduPersonPrincipalName', 'mail', 'givenName', 'sn', 'eduPersonScopedAffiliation']) wants = mds.attribute_requirement('https://beta.lobber.se/shibboleth') assert wants["required"] == [] lnamn = [d_to_local_name(mds.attrc, attr) for attr in wants["optional"]] assert _eq(lnamn, ['eduPersonPrincipalName', 'mail', 'givenName', 'sn', 'eduPersonScopedAffiliation', 'eduPersonEntitlement'])
def test_supported_algorithms(): mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["11"]) algs = mds.supported_algorithms( entity_id= 'http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php') assert 'http://www.w3.org/2001/04/xmlenc#sha256' in algs['digest_methods'] assert 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' in algs[ 'signing_methods']
def handleMetadataVerifyJson(self, environ, start_response, qs): """ Handles JSON metadata verifications. The post body must contains a JSON message like { 'xml' : 'a metadata file'} :param environ: wsgi enviroment :param start_response: wsgi start respons :param qs: Query parameters in a dictionary. :return: wsgi response contaning a JSON response. The JSON message will contain the parameter ok and services. ok will contain true if the metadata file can be parsed, otherwise false. services will contain a list of all the service names contained in the metadata file. """ ok = False services = "[]" try: if MetadataGeneration.CONST_BODY in qs: jsonMessage = json.loads(qs[MetadataGeneration.CONST_BODY]) if "xml" in jsonMessage: xml = jsonMessage["xml"] xml = xml.strip() metadataOK = False ci = None try: mds = MetadataStore(MetadataGeneration.CONST_ONTS.values(), MetadataGeneration.CONST_ATTRCONV, self.xmlsec_path, disable_ssl_certificate_validation=True) md = MetaData(MetadataGeneration.CONST_ONTS.values(), MetadataGeneration.CONST_ATTRCONV, metadata=xml) md.load() entityId = md.entity.keys()[0] mds.metadata[entityId] = md args = {"metad": mds, "dkeys": {"rsa": [self.privateKey]}} ci = utils.ConsumerInfo(['metadata'], **args) metadataOK = True except: self.logger.info('Could not parse the metadata file in handleMetadataVerifyJSON.', exc_info=True) services = "[" first = True if ci is not None: for item in ci._info: if item._ava is not None and entityId in item._ava: for social in item._ava[entityId]: if not first: services += "," else: first = False services += '"' + social + '"' services += "]" if metadataOK: ok = True except: self.logger.fatal('Unknown error in handleMetadataVerifyJSON.', exc_info=True) resp = Response('{"ok":"' + str(ok) + '", "services":' + services + '}', headers=[('Content-Type', MetadataGeneration.CONST_TYPEJSON)]) return resp(environ, start_response)
def test_metadata(): conf = config.Config() conf.load_file("idp_conf_mdb") umu_idp = 'https://idp.umu.se/saml2/idp/metadata.php' # Set up a Metadata store mds = MetadataStore(ATTRCONV, conf, disable_ssl_certificate_validation=True) # Import metadata from local file. mds.imp([{"class": "saml2.mdstore.MetaDataFile", "metadata": [(full_path("swamid-2.0.xml"), )]}]) assert len(mds) == 1 # One source try: export_mdstore_to_mongo_db(mds, "metadata", "test") except ConnectionFailure: pass else: mdmdb = MetadataMDB(ATTRCONV, "metadata", "test") # replace all metadata instances with this one mds.metadata = {"mongo_db": mdmdb} idps = mds.with_descriptor("idpsso") assert idps.keys() idpsso = mds.single_sign_on_service(umu_idp) assert len(idpsso) == 1 assert destinations(idpsso) == [ 'https://idp.umu.se/saml2/idp/SSOService.php'] _name = name(mds[umu_idp]) assert _name == u'Ume\xe5 University' certs = mds.certs(umu_idp, "idpsso", "signing") assert len(certs) == 1 sps = mds.with_descriptor("spsso") assert len(sps) == 417 wants = mds.attribute_requirement('https://connect.sunet.se/shibboleth') assert wants["optional"] == [] lnamn = [d_to_local_name(mds.attrc, attr) for attr in wants["required"]] assert _eq(lnamn, ['eduPersonPrincipalName', 'mail', 'givenName', 'sn', 'eduPersonScopedAffiliation', 'eduPersonAffiliation']) wants = mds.attribute_requirement( "https://gidp.geant.net/sp/module.php/saml/sp/metadata.php/default-sp") # Optional lnamn = [d_to_local_name(mds.attrc, attr) for attr in wants["optional"]] assert _eq(lnamn, ['displayName', 'commonName', 'schacHomeOrganization', 'eduPersonAffiliation', 'schacHomeOrganizationType']) # Required lnamn = [d_to_local_name(mds.attrc, attr) for attr in wants["required"]] assert _eq(lnamn, ['eduPersonTargetedID', 'mail', 'eduPersonScopedAffiliation'])
def test_xbox(): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", full_path("idp_example.xml")) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) assertion = factory( saml.Assertion, version="2.0", id="11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("11111", sec.my_cert, 1), attribute_statement=do_attribute_statement( {("", "", "surName"): ("Foo", ""), ("", "", "givenName"): ("Bar", "")} ), ) sigass = sec.sign_statement(assertion, class_name(assertion), key_file=full_path("test.key"), node_id=assertion.id) _ass0 = saml.assertion_from_string(sigass) encrypted_assertion = EncryptedAssertion() encrypted_assertion.add_extension_element(_ass0) _, pre = make_temp(str(pre_encryption_part()).encode("utf-8"), decode=False) enctext = sec.crypto.encrypt( str(encrypted_assertion), conf.cert_file, pre, "des-192", '/*[local-name()="EncryptedAssertion"]/*[local-name()="Assertion"]', ) decr_text = sec.decrypt(enctext) _seass = saml.encrypted_assertion_from_string(decr_text) assertions = [] assers = extension_elements_to_elements(_seass.extension_elements, [saml, samlp]) sign_cert_file = full_path("test.pem") for ass in assers: _ass = "%s" % ass # _ass = _ass.replace('xsi:nil="true" ', '') # assert sigass == _ass _txt = sec.verify_signature(_ass, sign_cert_file, node_name=class_name(assertion)) if _txt: assertions.append(ass) print(assertions)
def __init__(self, user, passwd, sp="", idp=None, metadata_file=None, xmlsec_binary=None, verbose=0, ca_certs="", disable_ssl_certificate_validation=True, key_file=None, cert_file=None, config=None): """ :param user: user name :param passwd: user password :param sp: The SP URL :param idp: The IdP PAOS endpoint :param metadata_file: Where the metadata file is if used :param xmlsec_binary: Where the xmlsec1 binary can be found (*) :param verbose: Chatty or not :param ca_certs: is the path of a file containing root CA certificates for SSL server certificate validation (*) :param disable_ssl_certificate_validation: If disable_ssl_certificate_validation is true, SSL cert validation will not be performed (*) :param key_file: Private key filename (*) :param cert_file: Certificate filename (*) :param config: Config() instance, overrides all the parameters marked with an asterisk (*) above """ if not config: config = Config() config.disable_ssl_certificate_validation = \ disable_ssl_certificate_validation config.key_file = key_file config.cert_file = cert_file config.ca_certs = ca_certs config.xmlsec_binary = xmlsec_binary Entity.__init__(self, "sp", config) self._idp = idp self._sp = sp self.user = user self.passwd = passwd self._verbose = verbose if metadata_file: self._metadata = MetadataStore([saml, samlp], None, config) self._metadata.load("local", metadata_file) logger.debug("Loaded metadata from '%s'", metadata_file) else: self._metadata = None self.metadata = self._metadata self.cookie_handler = None self.done_ecp = False self.cookie_jar = cookielib.LWPCookieJar()
def test_metadata(): conf = config.Config() conf.load_file("idp_conf_mdb") UMU_IDP = "https://idp.umu.se/saml2/idp/metadata.php" # Set up a Metadata store mds = MetadataStore(list(ONTS.values()), ATTRCONV, conf, disable_ssl_certificate_validation=True) # Import metadata from local file. mds.imp({"local": [full_path("swamid-2.0.xml")]}) assert len(mds) == 1 # One source export_mdstore_to_mongo_db(mds, "metadata", "test") mdmdb = MetadataMDB(ONTS, ATTRCONV, "metadata", "test") # replace all metadata instances with this one mds.metadata = {"mongo_db": mdmdb} idps = mds.with_descriptor("idpsso") assert list(idps.keys()) idpsso = mds.single_sign_on_service(UMU_IDP) assert len(idpsso) == 1 assert destinations(idpsso) == ["https://idp.umu.se/saml2/idp/SSOService.php"] _name = name(mds[UMU_IDP]) assert _name == "Ume\xe5 University" certs = mds.certs(UMU_IDP, "idpsso", "signing") assert len(certs) == 1 sps = mds.with_descriptor("spsso") assert len(sps) == 431 wants = mds.attribute_requirement("https://connect.sunet.se/shibboleth") assert wants["optional"] == [] lnamn = [d_to_local_name(mds.attrc, attr) for attr in wants["required"]] assert _eq( lnamn, ["eduPersonPrincipalName", "mail", "givenName", "sn", "eduPersonScopedAffiliation", "eduPersonAffiliation"], ) wants = mds.attribute_requirement("https://gidp.geant.net/sp/module.php/saml/sp/metadata.php/default-sp") # Optional lnamn = [d_to_local_name(mds.attrc, attr) for attr in wants["optional"]] assert _eq( lnamn, ["displayName", "commonName", "schacHomeOrganization", "eduPersonAffiliation", "schacHomeOrganizationType"], ) # Required lnamn = [d_to_local_name(mds.attrc, attr) for attr in wants["required"]] assert _eq(lnamn, ["eduPersonTargetedID", "mail", "eduPersonScopedAffiliation"])
def test_load_external(mock_request): filepath = os.path.join(TESTS_DIR, "remote_data/InCommon-metadata-export.xml") with open(filepath) as fd: data = fd.read() mock_request.return_value.ok = True mock_request.return_value.status_code = 200 mock_request.return_value.content = data sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["10"]) print(mds) assert len(mds) == 1 # One source assert len(mds.keys()) > 1 # number of idps
def test_entity_category_import_from_path(): mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) # The file entity_cat_rs.xml contains the SAML metadata for an SP # tagged with the REFEDs R&S entity category. mds.imp([{ "class": "saml2.mdstore.MetaDataFile", "metadata": [(full_path("entity_cat_rs.xml"), )] }]) # The entity category module myentitycategory.py is in the tests # directory which is on the standard module search path. # The module uses a custom interpretation of the REFEDs R&S entity category # by adding eduPersonUniqueId. policy = Policy( { "default": { "lifetime": { "minutes": 15 }, "entity_categories": ["myentitycategory"] } }, mds) ava = { "givenName": ["Derek"], "sn": ["Jeter"], "displayName": "Derek Jeter", "mail": ["*****@*****.**"], "c": ["USA"], "eduPersonTargetedID": "foo!bar!xyz", "eduPersonUniqueId": "*****@*****.**", "eduPersonScopedAffiliation": "*****@*****.**", "eduPersonPrincipalName": "*****@*****.**", "norEduPersonNIN": "19800101134" } ava = policy.filter(ava, "urn:mace:example.com:saml:roland:sp") # We expect c and norEduPersonNIN to be filtered out since they are not # part of the custom entity category. assert _eq(list(ava.keys()), [ "eduPersonTargetedID", "eduPersonPrincipalName", "eduPersonUniqueId", "displayName", "givenName", "eduPersonScopedAffiliation", "mail", "sn" ])
def test_sp_metadata(): mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["6"]) assert len(mds.keys()) == 1 assert mds.keys() == ['urn:mace:umu.se:saml:roland:sp'] assert _eq(mds['urn:mace:umu.se:saml:roland:sp'].keys(), ['entity_id', '__class__', 'spsso_descriptor']) req = mds.attribute_requirement('urn:mace:umu.se:saml:roland:sp') print req assert len(req["required"]) == 3 assert len(req["optional"]) == 1 assert req["optional"][0]["name"] == 'urn:oid:2.5.4.12' assert req["optional"][0]["friendly_name"] == 'title' assert _eq([n["name"] for n in req["required"]], [ 'urn:oid:2.5.4.4', 'urn:oid:2.5.4.42', 'urn:oid:0.9.2342.19200300.100.1.3' ]) assert _eq([n["friendly_name"] for n in req["required"]], ['surName', 'givenName', 'mail'])
def setup_class(self): xmlexec = get_xmlsec_binary() md = MetadataStore([saml, samlp], None, xmlexec) md.load("local", "metadata_cert.xml") self.sec = sigver.SecurityContext(xmlexec, key_file=PRIV_KEY, cert_file=PUB_KEY, debug=1, metadata=md) self._assertion = factory( saml.Assertion, version="2.0", id="11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("11111", self.sec.my_cert, 1), attribute_statement=do_attribute_statement({ ("","","surName"): ("Foo",""), ("","","givenName") :("Bar",""), }) )
def setup_class(self): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", full_path("metadata_cert.xml")) conf.metadata = md conf.only_use_keys_in_metadata = False self.sec = sigver.security_context(conf) assertion = factory( saml.Assertion, version="2.0", id="11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("11111", self.sec.my_cert, 1), attribute_statement=do_attribute_statement( {("", "", "surName"): ("Foo", ""), ("", "", "givenName"): ("Bar", ""), }) )
def test_filter_ava_registration_authority_1(): mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["1"]) policy_conf = { "default": { "lifetime": { "minutes": 15 }, "attribute_restrictions": None, }, "http://rr.aai.switch.ch/": { "attribute_restrictions": { "givenName": None, "surName": None, } } } policy = Policy(restrictions=policy_conf, mds=mds) attributes = { "givenName": ["Derek"], "surName": ["Jeter"], "mail": [ "*****@*****.**", "*****@*****.**", ], } # SP registered with http://rr.aai.switch.ch/ ava = policy.filter(attributes, "https://aai-idp.unibe.ch/idp/shibboleth") assert _eq(sorted(list(ava.keys())), ["givenName", "surName"]) assert ava["givenName"] == ["Derek"] assert ava["surName"] == ["Jeter"] # SP not registered with http://rr.aai.switch.ch/ ava = policy.filter(attributes, "https://alpha.kib.ki.se/shibboleth") assert _eq(sorted(list(ava.keys())), ["givenName", "mail", "surName"]) assert ava["givenName"] == ["Derek"] assert ava["surName"] == ["Jeter"] assert ava["mail"] == ["*****@*****.**", "*****@*****.**"]
def test_filter_ava_required_attributes_with_no_friendly_name(): entity_id = "https://no-friendly-name.example.edu/saml2/metadata/" mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp([{ "class": "saml2.mdstore.MetaDataFile", "metadata": [(full_path("entity_no_friendly_name_sp.xml"), )] }]) policy_conf = { "default": { "lifetime": { "minutes": 15 }, "entity_categories": ["swamid"] } } policy = Policy(policy_conf, mds) ava = { "givenName": ["Derek"], "sn": ["Jeter"], "mail": ["*****@*****.**"], "c": ["USA"], "eduPersonTargetedID": "foo!bar!xyz", "norEduPersonNIN": "19800101134", } attribute_requirements = mds.attribute_requirement(entity_id) required = attribute_requirements.get("required", []) optional = attribute_requirements.get("optional", []) # ensure the requirements define the eduPersonTargetedID # without the friendlyName attribute oid_eptid = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10' requested_attribute_eptid = RequestedAttribute(name=oid_eptid, name_format=NAME_FORMAT_URI, is_required='true') assert required == [to_dict(requested_attribute_eptid, onts=[mdattr])] ava = policy.filter(ava, entity_id, required=required, optional=optional) assert _eq(list(ava.keys()), ["eduPersonTargetedID"])
def find_allowed_algorithms(metadata_file, ic): mds = MetadataStore(ic.attribute_converters, ic, disable_ssl_certificate_validation=True) mds.imp([{ "class": "saml2.mdstore.MetaDataFile", "metadata": [(metadata_file,)]}]) md = mds.metadata[metadata_file] ed = list(md.entity.values())[0] res = {"digest_algorithms":[], "signing_algorithms":[]} for elem in ed['extensions']['extension_elements']: if elem['__class__'] == '{}&DigestMethod'.format(algsupport.NAMESPACE): res['digest_algorithms'].append(elem['algorithm']) elif elem['__class__'] == '{}&SigningMethod'.format( algsupport.NAMESPACE): res['signing_algorithms'].append(elem['algorithm']) return res
def setup_class(self): conf = config.SPConfig() conf.load_file("server_conf") md = MetadataStore([saml, samlp], None, conf) md.load("local", full_path("metadata_cert.xml")) crypto = get_xmlsec_cryptobackend() self.sec = sigver.SecurityContext(crypto, key_file=PRIV_KEY, cert_file=PUB_KEY, debug=1, metadata=md) self._assertion = factory( saml.Assertion, version="2.0", id="11111", issue_instant="2009-10-30T13:20:28Z", signature=sigver.pre_signature_part("11111", self.sec.my_cert, 1), attribute_statement=do_attribute_statement({ ("","","surName"): ("Foo",""), ("","","givenName") :("Bar",""), }) )
def test_metadata(): conf = config.Config() conf.load_file("idp_conf_mdb") UMU_IDP = 'https://idp.umu.se/saml2/idp/metadata.php' mds = MetadataStore(ONTS.values(), ATTRCONV, conf, disable_ssl_certificate_validation=True) mds.imp({"local": [full_path("swamid-1.0.xml")]}) assert len(mds) == 1 # One source export_mdstore_to_mongo_db(mds, "metadata", "test") mdmdb = MetadataMDB(ONTS, ATTRCONV, "metadata", "test") # replace all metadata instances with this one mds.metadata = {"mongo_db": mdmdb} idps = mds.with_descriptor("idpsso") assert idps.keys() idpsso = mds.single_sign_on_service(UMU_IDP) assert len(idpsso) == 1 assert destinations(idpsso) == [ 'https://idp.umu.se/saml2/idp/SSOService.php'] _name = name(mds[UMU_IDP]) assert _name == u'Umeå University (SAML2)' certs = mds.certs(UMU_IDP, "idpsso", "signing") assert len(certs) == 1 sps = mds.with_descriptor("spsso") assert len(sps) == 108 wants = mds.attribute_requirement('https://connect8.sunet.se/shibboleth') lnamn = [d_to_local_name(mds.attrc, attr) for attr in wants["optional"]] assert _eq(lnamn, ['eduPersonPrincipalName', 'mail', 'givenName', 'sn', 'eduPersonScopedAffiliation']) wants = mds.attribute_requirement('https://beta.lobber.se/shibboleth') assert wants["required"] == [] lnamn = [d_to_local_name(mds.attrc, attr) for attr in wants["optional"]] assert _eq(lnamn, ['eduPersonPrincipalName', 'mail', 'givenName', 'sn', 'eduPersonScopedAffiliation', 'eduPersonEntitlement'])
def test_filter_ava3(): policy = Policy({ "default": { "lifetime": {"minutes": 15}, #"attribute_restrictions": None # means all I have "entity_categories": ["swamid"] } }) mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp([{"class": "saml2.mdstore.MetaDataFile", "metadata": [(full_path("entity_cat_sfs_hei.xml"), )]}]) ava = {"givenName": ["Derek"], "sn": ["Jeter"], "mail": ["*****@*****.**"], "c": ["USA"], "eduPersonTargetedID": "foo!bar!xyz", "norEduPersonNIN": "19800101134"} ava = policy.filter(ava, "urn:mace:example.com:saml:roland:sp", mds) assert _eq(list(ava.keys()), ['eduPersonTargetedID', "norEduPersonNIN"])
def test_get_certs_from_metadata(): mds = MetadataStore(ATTRCONV, None) mds.imp(METADATACONF["11"]) certs1 = mds.certs("http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php", "any") certs2 = mds.certs("http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php", "idpsso") assert certs1[0] == certs2[0] == TEST_CERT
def test_okta(): conf = config.Config() conf.load_file("server_conf") conf.id_attr_name = 'Id' md = MetadataStore([saml, samlp], None, conf) md.load("local", IDP_EXAMPLE) conf.metadata = md conf.only_use_keys_in_metadata = False sec = sigver.security_context(conf) with open(OKTA_RESPONSE) as f: enctext = f.read() decr_text = sec.decrypt(enctext) _seass = saml.encrypted_assertion_from_string(decr_text) assers = extension_elements_to_elements(_seass.extension_elements, [saml, samlp]) with open(OKTA_ASSERTION) as f: okta_assertion = f.read() expected_assert = assertion_from_string(okta_assertion) assert len(assers) == 1 assert assers[0] == expected_assert
def test_get_certs_from_metadata_without_keydescriptor(): mds = MetadataStore(ATTRCONV, None) mds.imp([{ "class": "saml2.mdstore.InMemoryMetaData", "metadata": [(""" <EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmeta="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Name="urn:mace:example.com:test-1.0"> <EntityDescriptor entityID="http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php" xml:base="swamid-1.0/idp.umu.se-saml2.xml"> <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php"/> </IDPSSODescriptor> <Organization> <OrganizationName xml:lang="en">Catalogix</OrganizationName> <OrganizationDisplayName xml:lang="en">Catalogix</OrganizationDisplayName> <OrganizationURL xml:lang="en">http://www.catalogix.se</OrganizationURL> </Organization> <ContactPerson contactType="technical"> <SurName>Hedberg</SurName> <EmailAddress>[email protected]</EmailAddress> </ContactPerson> </EntityDescriptor> </EntitiesDescriptor>""", )] }]) certs = mds.certs( "http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php", "idpsso") assert len(certs) == 0
def __init__(self, user, passwd, sp="", idp=None, metadata_file=None, xmlsec_binary=None, verbose=0, ca_certs="", disable_ssl_certificate_validation=True, key_file=None, cert_file=None, config=None): """ :param user: user name :param passwd: user password :param sp: The SP URL :param idp: The IdP PAOS endpoint :param metadata_file: Where the metadata file is if used :param xmlsec_binary: Where the xmlsec1 binary can be found (*) :param verbose: Chatty or not :param ca_certs: is the path of a file containing root CA certificates for SSL server certificate validation (*) :param disable_ssl_certificate_validation: If disable_ssl_certificate_validation is true, SSL cert validation will not be performed (*) :param key_file: Private key filename (*) :param cert_file: Certificate filename (*) :param config: Config() instance, overrides all the parameters marked with an asterisk (*) above """ if not config: config = Config() config.disable_ssl_certificate_validation = \ disable_ssl_certificate_validation config.key_file = key_file config.cert_file = cert_file config.ca_certs = ca_certs config.xmlsec_binary = xmlsec_binary Entity.__init__(self, "sp", config) self._idp = idp self._sp = sp self.user = user self.passwd = passwd self._verbose = verbose if metadata_file: self._metadata = MetadataStore([saml, samlp], None, config) self._metadata.load("local", metadata_file) logger.debug("Loaded metadata from '%s'" % metadata_file) else: self._metadata = None self.metadata = self._metadata self.cookie_handler = None self.done_ecp = False self.cookie_jar = cookielib.LWPCookieJar()
def load(insecure, conf, md_conf, typ): try: md_conf = conf["metadata"] del conf["metadata"] except KeyError: pass if typ == 'sp': _cnf = SPConfig().load(conf) else: _cnf = IdPConfig().load(conf) if insecure: disable_validation = True else: disable_validation = False mds = MetadataStore(_cnf.attribute_converters, _cnf, disable_ssl_certificate_validation=disable_validation) mds.imp(md_conf) return mds