def sign_response(self, response):
    """Serialise *response* and return it signed as a SAML 2.0 ``Response``.

    The argument is stringified with ``'%s' % response`` (a ``str`` passes
    through unchanged, anything else is formatted) and handed to a fresh
    ``SecurityContext`` that signs with the test key at
    ``<path>/data/test.key``.

    The xmlsec1 binary is taken from the ``SAML2_XMLSEC`` environment
    variable, falling back to ``/usr/bin/xmlsec1``.  That means the
    environment, not the caller, decides which executable gets run --
    fine for a test helper, not something to copy into production code.

    :param response: unsigned Response, as a string or an object that
        formats to its XML
    :return: whatever ``SecurityContext.sign_statement`` returns for a
        ``urn:oasis:names:tc:SAML:2.0:protocol:Response`` statement
    """
    statement = '%s' % response
    xmlsec_binary = os.environ.get('SAML2_XMLSEC', '/usr/bin/xmlsec1')
    backend = CryptoBackendXmlSec1(xmlsec_binary)
    # The key is a fixture shipped with the test data, never a real one.
    key_file = os.path.join(path, 'data', 'test.key')
    security = SecurityContext(backend, key_file=key_file)
    # The whole document is signed as a top-level Response element.
    return security.sign_statement(
        statement, 'urn:oasis:names:tc:SAML:2.0:protocol:Response')
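parser.add_argument('-c', dest='cert')
parser.add_argument('-a', dest='attrsmap')
parser.add_argument('-o', dest='output')
parser.add_argument('-x', dest='xmlsec')
parser.add_argument(dest="item")
args = parser.parse_args()

# ``args.type`` and ``args.url`` are not registered by any add_argument
# call visible in this stretch -- presumably added earlier in the file.
metad = None
if args.type == "local":
    # Metadata file on disk; the same path doubles as its name.
    metad = MetaDataFile(list(ONTS.values()), args.item, args.item)
elif args.type == "external":
    # Remote metadata fetched over HTTP.  The signing certificate given
    # with -c is what the download is checked against; NOTE(review): when
    # -c is omitted ``cert`` is None -- whether MetaDataExtern then skips
    # signature verification cannot be told from here, confirm before
    # relying on this tool for unauthenticated fetches.
    ATTRCONV = ac_factory(args.attrsmap)
    httpc = HTTPBase()
    crypto = _get_xmlsec_cryptobackend(args.xmlsec)
    sc = SecurityContext(crypto)
    metad = MetaDataExtern(list(ONTS.values()), ATTRCONV, args.url, sc,
                           cert=args.cert, http=httpc)
else:
    # An unknown or missing -t used to fall through silently: no output,
    # exit status 0.  For a verification tool that is indistinguishable
    # from "verified OK", so fail loudly instead.
    parser.error("-t must be 'local' or 'external' (got %r)" % (args.type,))

# load() raises on parse or signature failure.  The original wrapped it in
# ``try: ... except: raise``, which re-raised everything unchanged and so
# did nothing; letting the exception propagate is equivalent and honest.
metad.load()
print("OK")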
if line[0] == "#": continue spec = line.split(" ") if args.ignore_valid: kwargs = {"check_validity": False} else: kwargs = {} if spec[0] == "local": metad = MetaDataFile(ONTS.values(), spec[1], spec[1], **kwargs) elif spec[0] == "remote": ATTRCONV = ac_factory(args.attrsmap) httpc = HTTPBase() crypto = _get_xmlsec_cryptobackend(args.xmlsec) sc = SecurityContext(crypto, key_type="", cert_type="") metad = MetaDataExtern(ONTS.values(), ATTRCONV, spec[1], sc, cert=spec[2], http=httpc, **kwargs) if metad: try: metad.load() except: raise output.entity_descriptor.extend(metad.entities_descr.entity_descriptor)
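# The CLI takes the lifetime in days; the metadata layer wants hours.
# NOTE(review): int(None) raises when -v is not given -- presumably this
# line is guarded by ``if args.valid:`` in the full file; confirm.
valid_for = int(args.valid) * 24

# Prefer an explicitly given xmlsec1 binary, otherwise search ``paths``.
# Whatever is chosen here is executed to sign the metadata, so ``paths``
# should only ever contain trusted directories.
if args.xmlsec:
    xmlsec = args.xmlsec
else:
    xmlsec = get_xmlsec_binary(paths)

# One EntityDescriptor per configuration file.  The configuration is a
# Python module imported by name, so its directory is pushed to the front
# of sys.path and the module is executed -- only point this at
# configuration files you trust.
eds = []
for filespec in args.config:
    bas, fil = os.path.split(filespec)
    if bas != "":
        sys.path.insert(0, bas)
    if fil.endswith(".py"):
        fil = fil[:-3]
    cnf = Config().load_file(fil, metadata_construction=True)
    eds.append(entity_descriptor(cnf))

# Signing context: private key from -k, matching certificate from -c.
secc = SecurityContext(xmlsec, args.keyfile, cert_file=args.cert)

if args.id:
    # Wrap every entity in a single EntitiesDescriptor carrying that ID.
    desc = entities_descriptor(eds, valid_for, args.name, args.id,
                               args.sign, secc)
    valid_instance(desc)
    # print(...) with one argument behaves the same under Python 2 and 3.
    print(desc.to_string(nspair))
else:
    for eid in eds:
        if args.sign:
            # Fix: the original passed the *builtin* ``id`` function here
            # (nothing in this script rebinds ``id``), so the signature's
            # ID/reference would have been built from a function object.
            # The ID argument is ``args.id``, exactly as in the
            # EntitiesDescriptor call above; it is falsy in this branch, and
            # sign_entity_descriptor is expected to generate an ID when
            # none is supplied -- confirm against its definition.
            desc = sign_entity_descriptor(eid, args.id, secc)
        else:
            desc = eid
        valid_instance(desc)
        print(desc.to_string(nspair))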
return 2 if not xmlsec: xmlsec = get_xmlsec_binary(path) eds = [] for filespec in args: bas, fil = os.path.split(filespec) if bas != "": sys.path.insert(0, bas) if fil.endswith(".py"): fil = fil[:-3] cnf = Config().load_file(fil, metadata_construction=True) eds.append(entity_descriptor(cnf, valid_for)) secc = SecurityContext(xmlsec, keyfile, cert_file=pubkeyfile) if entitiesid: desc = entities_descriptor(eds, valid_for, name, id, sign, secc) valid_instance(desc) print desc.to_string(nspair) else: for eid in eds: if sign: desc = sign_entity_descriptor(eid, valid_for, id, secc) else: desc = eid valid_instance(desc) print desc.to_string(nspair) if __name__ == "__main__": import sys