Merge remote-tracking branch 'upstream/master'

setup.py

@@ -17,8 +17,7 @@ install_requires = [
     'pytz',
     'pyOpenSSL',
     'python-dateutil',
-    'six',
-    'future'
+    'six'
 ]
 
 version = ''

src/saml2/algsupport.py

@@ -0,0 +1,76 @@
+from subprocess import Popen, PIPE
+from saml2.sigver import get_xmlsec_binary
+from saml2.extension.algsupport import SigningMethod
+from saml2.extension.algsupport import DigestMethod
+
+__author__ = 'roland'
+
+DIGEST_METHODS = {
+    "hmac-md5": 'http://www.w3.org/2001/04/xmldsig-more#md5', # test framework only!
+    "hmac-sha1": 'http://www.w3.org/2000/09/xmldsig#sha1',
+    "hmac-sha224": 'http://www.w3.org/2001/04/xmldsig-more#sha224',
+    "hmac-sha256": 'http://www.w3.org/2001/04/xmlenc#sha256',
+    "hmac-sha384": 'http://www.w3.org/2001/04/xmldsig-more#sha384',
+    "hmac-sha512": 'http://www.w3.org/2001/04/xmlenc#sha512',
+    "hmac-ripemd160": 'http://www.w3.org/2001/04/xmlenc#ripemd160'
+}
+
+SIGNING_METHODS = {
+    "rsa-md5": 'http://www.w3.org/2001/04/xmldsig-more#rsa-md5',
+    "rsa-ripemd160": 'http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160',
+    "rsa-sha1": 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
+    "rsa-sha224": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha224',
+    "rsa-sha256": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
+    "rsa-sha384": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384',
+    "rsa-sha512": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
+    "dsa-sha1": 'http,//www.w3.org/2000/09/xmldsig#dsa-sha1',
+    'dsa-sha256': 'http://www.w3.org/2009/xmldsig11#dsa-sha256',
+    'ecdsa_sha1': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha1',
+    'ecdsa_sha224': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha224',
+    'ecdsa_sha256': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha256',
+    'ecdsa_sha384': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha384',
+    'ecdsa_sha512': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha512',
+}
+
+
+def get_algorithm_support(xmlsec):
+    com_list = [xmlsec, '--list-transforms']
+    pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
+
+    p_out = pof.stdout.read().decode('utf-8')
+    p_err = pof.stderr.read().decode('utf-8')
+
+    if not p_err:
+        p = p_out.split('\n')
+        algs = [x.strip('"') for x in p[1].split(',')]
+        digest = []
+        signing = []
+        for alg in algs:
+            if alg in DIGEST_METHODS:
+                digest.append(alg)
+            elif alg in SIGNING_METHODS:
+                signing.append(alg)
+
+        return {"digest": digest, "signing": signing}
+
+    raise SystemError(p_err)
+
+
+def algorithm_support_in_metadata(xmlsec):
+    if xmlsec is None:
+        return []
+
+    support = get_algorithm_support(xmlsec)
+    element_list = []
+    for alg in support["digest"]:
+        element_list.append(DigestMethod(algorithm=DIGEST_METHODS[alg]))
+    for alg in support["signing"]:
+        element_list.append(SigningMethod(algorithm=SIGNING_METHODS[alg]))
+    return element_list
+
+if __name__ == '__main__':
+    xmlsec = get_xmlsec_binary()
+    res = get_algorithm_support(xmlsec)
+    print(res)
+    for a in algorithm_support_in_metadata(xmlsec):
+        print(a)

tests/server2_conf.py

@@ -7,7 +7,8 @@ CONFIG = {
     "service": {
         "sp": {
             "endpoints": {
-                "assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
+                "assertion_consumer_service": [
+                    "http://lingon.catalogix.se:8087/"],
             },
             "required_attributes": ["surName", "givenName", "mail"],
             "optional_attributes": ["title"],

tests/sp_mdext_conf.py

@@ -1,4 +1,4 @@
-from pathutils import full_path
+from pathutils import full_path, xmlsec_path
 
 CONFIG = {
     "entityid": "urn:mace:example.com:saml:roland:sp",
@@ -38,7 +38,7 @@ CONFIG = {
     "debug": 1,
     "key_file": full_path("test.key"),
     "cert_file": full_path("test.pem"),
-    "xmlsec_binary": None,
+    "xmlsec_binary": xmlsec_path,
     "metadata": {
         "local": [full_path("idp_2.xml")],
     },

tests/test_30_mdstore.py

@@ -2,8 +2,8 @@
 # -*- coding: utf-8 -*-
 import datetime
 import re
-#from six.moves.urllib.parse import quote_plus
-from future.backports.urllib.parse import quote_plus
+from six.moves.urllib.parse import quote_plus
+#from future.backports.urllib.parse import quote_plus
 from saml2.config import Config
 from saml2.mdstore import MetadataStore
 from saml2.mdstore import MetaDataMDX

tests/test_83_md_extensions.py

@@ -12,3 +12,6 @@ print(ed)
 
 assert ed.spsso_descriptor.extensions
 assert len(ed.spsso_descriptor.extensions.extension_elements) == 3
+
+assert ed.extensions
+assert len(ed.extensions.extension_elements) > 1

tools/mdexport.py

@@ -1,23 +1,17 @@
  #!/usr/bin/env python
-from saml2.sigver import _get_xmlsec_cryptobackend, SecurityContext
+from saml2.sigver import _get_xmlsec_cryptobackend
+from saml2.sigver import SecurityContext
 from saml2.httpbase import HTTPBase
 
 from saml2 import saml
 from saml2 import md
 from saml2.attribute_converter import ac_factory
-from saml2.extension import dri
-from saml2.extension import idpdisc
-from saml2.extension import mdattr
-from saml2.extension import mdrpi
-from saml2.extension import mdui
-from saml2.extension import shibmd
-from saml2.extension import ui
 from saml2 import xmldsig
 from saml2 import xmlenc
 
 import argparse
 
-from saml2.mdstore import MetaDataFile, MetaDataExtern
+from saml2.mdstore import MetaDataFile, MetaDataExtern, load_extensions
 
 __author__ = 'rolandh'
 
@@ -29,18 +23,12 @@ dictionary format.
 
 ONTS = {
     saml.NAMESPACE: saml,
-    mdui.NAMESPACE: mdui,
-    mdattr.NAMESPACE: mdattr,
-    mdrpi.NAMESPACE: mdrpi,
-    dri.NAMESPACE: dri,
-    ui.NAMESPACE: ui,
-    idpdisc.NAMESPACE: idpdisc,
     md.NAMESPACE: md,
     xmldsig.NAMESPACE: xmldsig,
     xmlenc.NAMESPACE: xmlenc,
-    shibmd.NAMESPACE: shibmd
 }
 
+ONTS.update(load_extensions())
 
 parser = argparse.ArgumentParser()
 parser.add_argument('-t', dest='type')