From 6c1b963a6477eb363ea74658efc1be93ae708479 Mon Sep 17 00:00:00 2001
From: Roland Hedberg
Date: Tue, 23 Sep 2014 14:12:03 +0200
Subject: [PATCH] Added a needed method on the MetaData class level.
---
 src/saml2/mdstore.py | 41 ++++++++++++++++++++++++++++++++++++++++
 tests/test_30_mdstore.py | 15 +++++++++++++--
 2 files changed, 54 insertions(+), 2 deletions(-)
diff --git a/src/saml2/mdstore.py b/src/saml2/mdstore.py
index 8f76faf..5936338 100644
--- a/src/saml2/mdstore.py
+++ b/src/saml2/mdstore.py
@@ -391,6 +391,45 @@ class MetaData(object):
 return True
+ def certs(self, entity_id, descriptor, use="signing"):
+ ent = self.__getitem__(entity_id)
+ if descriptor == "any":
+ res = []
+ for descr in ["spsso", "idpsso", "role", "authn_authority",
+ "attribute_authority", "pdp"]:
+ try:
+ srvs = ent["%s_descriptor" % descr]
+ except KeyError:
+ continue
+
+ for srv in srvs:
+ for key in srv["key_descriptor"]:
+ if "use" in key and key["use"] == use:
+ for dat in key["key_info"]["x509_data"]:
+ cert = repack_cert(
+ dat["x509_certificate"]["text"])
+ if cert not in res:
+ res.append(cert)
+ elif not "use" in key:
+ for dat in key["key_info"]["x509_data"]:
+ cert = repack_cert(
+ dat["x509_certificate"]["text"])
+ if cert not in res:
+ res.append(cert)
+ else:
+ srvs = ent["%s_descriptor" % descriptor]
+
+ res = []
+ for srv in srvs:
+ for key in srv["key_descriptor"]:
+ if "use" in key and key["use"] == use:
+ for dat in key["key_info"]["x509_data"]:
+ res.append(dat["x509_certificate"]["text"])
+ elif not "use" in key:
+ for dat in key["key_info"]["x509_data"]:
+ res.append(dat["x509_certificate"]["text"])
+ return res
+
 class MetaDataFile(MetaData):
 """
@@ -557,6 +596,7 @@ class MetaDataMDX(MetaData):
 md.EntitiesDescriptor.c_tag)
 _txt = response.text.encode("utf-8")
+
 if self.cert:
 if self.security.verify_signature(_txt, node_name=node_name,
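Review bot: The two branches of the new `certs` method return certificates in different shapes — the `"any"` branch normalises each one with `repack_cert()` and de-duplicates, while the single-descriptor branch appends the raw `x509_certificate` text as-is and keeps duplicates, so a caller asking for `"idpsso"` and one asking for `"any"` cannot compare or reuse the result the same way. The single-descriptor branch also raises `KeyError` when the entity has no such descriptor, where the `"any"` branch silently skips missing roles. Both branches repeat the same loop body twice for the `"use"`-present and `"use"`-absent cases; `key.get("use", use) == use` (assuming the key_descriptor entries are plain dicts, as the `in` test suggests) states the rule — a key_descriptor without `use` applies to every use — once. Because these certificates are what callers will trust for signature verification, the docstring should also say the result is only as trustworthy as the metadata it was read from; in the later MetaDataMDX hunk the fetched document is only signature-checked when `self.cert` is set. A sketch follows; if existing callers depend on the `KeyError`, keep the direct `ent[...]` lookup for the single-descriptor path.
```python
    def certs(self, entity_id, descriptor, use="signing"):
        """Return the X.509 certificates *entity_id* publishes for *use*.

        descriptor is one role ("idpsso", "spsso", ...) or "any" for every
        role; a key_descriptor without a "use" attribute counts for every
        use. Results are repack_cert()-normalised, de-duplicated, in
        metadata order; a role the entity does not publish yields [].
        Trust is inherited from wherever the metadata was loaded from.
        """
        ent = self.__getitem__(entity_id)
        if descriptor == "any":
            roles = ["spsso", "idpsso", "role", "authn_authority",
                     "attribute_authority", "pdp"]
        else:
            roles = [descriptor]

        res = []
        for role in roles:
            try:
                srvs = ent["%s_descriptor" % role]
            except KeyError:
                continue
            for srv in srvs:
                for key in srv["key_descriptor"]:
                    # no "use" attribute: the key serves every use
                    if key.get("use", use) != use:
                        continue
                    for dat in key["key_info"]["x509_data"]:
                        cert = repack_cert(dat["x509_certificate"]["text"])
                        if cert not in res:
                            res.append(cert)
        return res
```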
@@ -571,6 +611,7 @@ class MetaDataMDX(MetaData):
 raise KeyError
+
 class MetadataStore(object):
 def __init__(self, onts, attrc, config, ca_certs=None, check_validity=True,
diff --git a/tests/test_30_mdstore.py b/tests/test_30_mdstore.py
index 7eb2878..82ac990 100644
--- a/tests/test_30_mdstore.py
+++ b/tests/test_30_mdstore.py
@@ -226,7 +226,7 @@ def test_metadata_file():
 assert len(mds.keys()) == 560
-def test_mdx():
+def test_mdx_service():
 sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
 http = HTTPBase(verify=False, ca_bundle=None)
@@ -238,5 +238,16 @@ def test_mdx():
 assert len(foo) == 1
 assert foo.keys()[0] == BINDING_HTTP_REDIRECT
+
+def test_mdx_certs():
+ sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
+ http = HTTPBase(verify=False, ca_bundle=None)
+
+ mdx = MetaDataMDX(ONTS.values(), ATTRCONV, "http://pyff-test.nordu.net",
+ sec_config, None, http)
+ foo = mdx.certs("https://idp.umu.se/saml2/idp/metadata.php", "idpsso")
+
+ assert len(foo) == 1
+
 if __name__ == "__main__":
- test_mdx()
+ test_mdx_certs()
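Review bot: `test_mdx_certs` only exercises the unverified trust path: the client is built with `HTTPBase(verify=False, ca_bundle=None)` against a plain-http MDX URL, and if the `None` argument is the metadata signing certificate that the mdstore hunk guards with `if self.cert:`, the entity document the certificates are read out of is never signature-checked — a green run shows the lookup works, not that the trust chain does. The assertion `assert len(foo) == 1` also pins how many signing keys a live third-party IdP publishes and needs network access to pyff-test.nordu.net, so it will break on that IdP's next key rollover independently of this code. Either serve a fixed metadata document locally for this test, or at least mark the dependence, e.g. `# live test: needs pyff-test.nordu.net reachable and idp.umu.se publishing exactly one signing key`.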