Try to make only sigver know about xmlsec1.

2013-03-11 16:53:48 +01:00
parent d3babe5fb5
commit 642d4e2f5e
5 changed files with 43 additions and 29 deletions
--- a/src/saml2/config.py
+++ b/src/saml2/config.py
@@ -320,11 +320,8 @@ class Config(object):
    def load_metadata(self, metadata_conf):
        """ Loads metadata into an internal structure """

-        xmlsec_binary = self.xmlsec_binary
        acs = self.attribute_converters

-        if xmlsec_binary is None:
-            raise Exception("Missing xmlsec1 specification")
        if acs is None:
            raise Exception("Missing attribute converter specification")

@@ -337,7 +334,7 @@ class Config(object):
        except:
            disable_validation = False

-        mds = MetadataStore(ONTS.values(), acs, xmlsec_binary, ca_certs,
+        mds = MetadataStore(ONTS.values(), acs, self, ca_certs,
                            disable_ssl_certificate_validation=disable_validation)

        mds.imp(metadata_conf)
--- a/src/saml2/ecp_client.py
+++ b/src/saml2/ecp_client.py
@@ -67,6 +67,7 @@ class Client(Entity):
        config.key_file = key_file
        config.cert_file = cert_file
        config.ca_certs = ca_certs
+        config.xmlsec_binary = xmlsec_binary

        Entity.__init__(self, "sp", config)
        self._idp = idp
@@ -76,7 +77,7 @@ class Client(Entity):
        self._verbose = verbose

        if metadata_file:
-            self._metadata = MetadataStore([saml, samlp], None, xmlsec_binary)
+            self._metadata = MetadataStore([saml, samlp], None, config)
            self._metadata.load("local", metadata_file)
            logger.debug("Loaded metadata from '%s'" % metadata_file)
        else:
--- a/src/saml2/mdstore.py
+++ b/src/saml2/mdstore.py
@@ -14,10 +14,11 @@ from saml2 import BINDING_HTTP_REDIRECT
 from saml2 import BINDING_HTTP_POST
 from saml2 import BINDING_SOAP
 from saml2.s_utils import UnsupportedBinding, UnknownPrincipal
-from saml2.sigver import verify_signature, split_len
+from saml2.sigver import split_len
 from saml2.validate import valid_instance
 from saml2.time_util import valid
 from saml2.validate import NotValid
+from saml2.sigver import security_context

 __author__ = 'rolandh'

@@ -325,11 +326,19 @@ class MetaDataExtern(MetaData):
    Accessible but HTTP GET.
    """

-    def __init__(self, onts, attrc, url, xmlsec_binary, cert, http):
+    def __init__(self, onts, attrc, url, security, cert, http):
+        """
+        :params onts:
+        :params attrc:
+        :params url:
+        :params security: SecurityContext()
+        :params cert:
+        :params http:
+        """
        MetaData.__init__(self, onts, attrc)
        self.url = url
+        self.security = security
        self.cert = cert
-        self.xmlsec_binary = xmlsec_binary
        self.http = http

    def load(self):
@@ -339,10 +348,12 @@ class MetaDataExtern(MetaData):
        """
        response = self.http.send(self.url)
        if response.status == 200:
-            if verify_signature(
-                    response.text, self.xmlsec_binary, self.cert,
-                    node_name="%s:%s" % (md.EntitiesDescriptor.c_namespace,
-                                         md.EntitiesDescriptor.c_tag)):
+            node_name="%s:%s" % (md.EntitiesDescriptor.c_namespace,
+                                 md.EntitiesDescriptor.c_tag)
+            if self.security.verify_signature(response.text,
+                                              node_name=node_name,
+                                              cert_file=self.cert,
+                                              ):
                self.parse(response.text)
                return True
        else:
@@ -364,13 +375,20 @@ class MetaDataMD(MetaData):


 class MetadataStore(object):
-    def __init__(self, onts, attrc, xmlsec_binary=None, ca_certs=None,
+    def __init__(self, onts, attrc, config, ca_certs=None,
                 disable_ssl_certificate_validation=False):
+        """
+        :params onts:
+        :params attrc:
+        :params config: Config()
+        :params ca_certs:
+        :params disable_ssl_certificate_validation:
+        """
        self.onts = onts
        self.attrc = attrc
        self.http = HTTPBase(verify=disable_ssl_certificate_validation,
                             ca_bundle=ca_certs)
-        self.xmlsec_binary = xmlsec_binary
+        self.security = security_context(config)
        self.ii = 0
        self.metadata = {}

@@ -385,7 +403,7 @@ class MetadataStore(object):
        elif typ == "remote":
            key = kwargs["url"]
            md = MetaDataExtern(self.onts, self.attrc,
-                                kwargs["url"], self.xmlsec_binary,
+                                kwargs["url"], self.security,
                                kwargs["cert"], self.http)
        elif typ == "mdfile":
            key = args[0]
--- a/tests/test_30_mdstore.py
+++ b/tests/test_30_mdstore.py
@@ -12,6 +12,8 @@ from saml2 import BINDING_HTTP_REDIRECT
 from saml2 import BINDING_HTTP_POST
 from saml2 import BINDING_HTTP_ARTIFACT
 from saml2 import saml
+from saml2 import sigver
+from saml2 import config
 from saml2.attribute_converter import ac_factory
 from saml2.attribute_converter import d_to_local_name

@@ -24,12 +26,8 @@ from saml2.s_utils import UnknownPrincipal
 import xmldsig
 import xmlenc

-try:
-    from saml2.sigver import get_xmlsec_binary
-    xmlsec_path = get_xmlsec_binary(["/opt/local/bin"])
-except ImportError:
-    xmlsec_path = '/usr/bin/xmlsec1'
-
+sec_config = config.Config()
+sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])

 ONTS = {
    saml.NAMESPACE: saml,
@@ -86,7 +84,7 @@ def _fix_valid_until(xmlstring):

 def test_swami_1():
    UMU_IDP = 'https://idp.umu.se/saml2/idp/metadata.php'
-    mds = MetadataStore(ONTS.values(), ATTRCONV, xmlsec_path,
+    mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
                        disable_ssl_certificate_validation=True)

    mds.imp(METADATACONF["1"])
@@ -119,7 +117,7 @@ def test_swami_1():
                

 def test_incommon_1():
-    mds = MetadataStore(ONTS.values(), ATTRCONV, xmlsec_path,
+    mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
                        disable_ssl_certificate_validation=True)

    mds.imp(METADATACONF["2"])
@@ -157,7 +155,7 @@ def test_incommon_1():


 def test_ext_2():
-    mds = MetadataStore(ONTS.values(), ATTRCONV, xmlsec_path,
+    mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
                        disable_ssl_certificate_validation=True)

    mds.imp(METADATACONF["3"])
@@ -170,7 +168,7 @@ def test_ext_2():


 def test_example():
-    mds = MetadataStore(ONTS.values(), ATTRCONV, xmlsec_path,
+    mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
                        disable_ssl_certificate_validation=True)

    mds.imp(METADATACONF["4"])
@@ -186,7 +184,7 @@ def test_example():


 def test_switch_1():
-    mds = MetadataStore(ONTS.values(), ATTRCONV, xmlsec_path,
+    mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
                        disable_ssl_certificate_validation=True)

    mds.imp(METADATACONF["5"])
@@ -214,7 +212,7 @@ def test_switch_1():


 def test_sp_metadata():
-    mds = MetadataStore(ONTS.values(), ATTRCONV, xmlsec_path,
+    mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
                        disable_ssl_certificate_validation=True)

    mds.imp(METADATACONF["6"])
--- a/tests/test_31_config.py
+++ b/tests/test_31_config.py
@@ -26,8 +26,8 @@ sp1 = {
            }
        }
    },
-    "key_file" : "mykey.pem",
-    "cert_file" : "mycert.pem",
+    "key_file" : "test.key",
+    "cert_file" : "test.pem",
    #"xmlsec_binary" : "/opt/local/bin/xmlsec1",
    "metadata": { 
        "local": ["metadata.xml",