Pylint and autumn cleaning

Roland Hedberg
2009-10-15 09:50:13 +02:00
parent f027e7ccab
commit 70e299f27c
9 changed files with 534 additions and 407 deletions


@@ -38,9 +38,9 @@ except ImportError:
except ImportError:
from elementtree import ElementTree
SAML_NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:assertion'
SAML_TEMPLATE = '{urn:oasis:names:tc:SAML:2.0:assertion}%s'
XSI_NAMESPACE = 'http://www.w3.org/2001/XMLSchema-instance'
NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:assertion'
#TEMPLATE = '{urn:oasis:names:tc:SAML:2.0:assertion}%s'
#XSI_NAMESPACE = 'http://www.w3.org/2001/XMLSchema-instance'
NAMEID_FORMAT_EMAILADDRESS = (
"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress")
@@ -438,3 +438,14 @@ class SamlBase(ExtensionContainer):
self.__dict__[extension_attribute_name] = value
def extension_element_to_element(extension_element, element_to_string,
namespace=None):
if extension_element.namespace == namespace:
try:
ets = element_to_string[extension_element.tag]
return ets(extension_element.to_string())
except KeyError:
pass
return None
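Review bot: In the new `extension_element_to_element`, the `try` covers both the table lookup and the call `ets(extension_element.to_string())`, so a `KeyError` raised inside the converter is swallowed and returned as `None`, indistinguishable from an unregistered tag. Narrow the handling to the lookup: `ets = element_to_string.get(extension_element.tag)` followed by `return None if ets is None else ets(extension_element.to_string())`. The function also needs a docstring stating that `None` is returned for a non-matching namespace or an unknown tag, and that with the default `namespace=None` only elements without a namespace match. Callers processing SAML extension elements then know they must handle `None` explicitly.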


@@ -9,12 +9,8 @@ except ImportError:
from md5 import md5
import zlib
from subprocess import Popen, PIPE
from saml2 import samlp, saml, metadata
from saml2 import samlp, saml
from saml2.sigver import correctly_signed_response
from saml2.metadata import cert_from_assertion
#from saml2.metadata import load_certs_to_manager
DEFAULT_BINDING = saml2.BINDING_HTTP_REDIRECT
@@ -323,7 +319,7 @@ class Saml2Client:
def init_request(self, request, destination):
request.id = _sid()
request.version = "2.0"
request.issue_instant = date_and_time()
request.issue_instant = get_date_and_time()
request.destination = destination
return request
@@ -342,11 +338,11 @@ class Saml2Client:
:return: An AttributeQuery instance
"""
attr_query = self.init_request(samlp.AttributeQuery())
attr_query = self.init_request(samlp.AttributeQuery(), destination)
subject = samlp.Subject()
name_id = samlp.NameID()
name_id.format = NAMEID_FORMAT_PERSISTENT
subject = saml.Subject()
name_id = saml.NameID()
name_id.format = saml.NAMEID_FORMAT_PERSISTENT
if name_qualifier:
name_id.name_qualifier = name_qualifier
if sp_name_qualifier:
@@ -357,7 +353,7 @@ class Saml2Client:
attr_query.subject = subject
if attribute:
attrs = []
for attr,values in attribute.items():
for attr, values in attribute.items():
sattr = saml.Attribute()
sattr.name = attr
#sattr.name_format = NAME_FORMAT_UNSPECIFIED
@@ -400,7 +396,7 @@ class Saml2Client:
logout_req = self.init_request(samlp.LogoutRequest())
logout_req.session_index = _sid()
logout_req.base_id = samlp.BaseID(text=subject_id)
logout_req.base_id = saml.BaseID(text=subject_id)
if reason:
logout_req.reason = reason
if not_on_or_after:
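Review bot: The logout hunk still calls `self.init_request(samlp.LogoutRequest())` with a single argument, although `init_request(self, request, destination)` shown earlier in this file requires `destination`. The attribute-query hunk fixes the same call, but this one is left and would raise `TypeError` when reached. It should read `logout_req = self.init_request(samlp.LogoutRequest(), destination)`, assuming the enclosing method has a destination to pass. That method's signature is outside the hunk, so confirm the parameter exists there.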


@@ -24,18 +24,20 @@
from saml2 import saml, SamlBase, create_class_from_xml_string
from saml2.saml import Attribute
from saml2.saml import NAMESPACE as SAML_NAMESPACE
import xmldsig as ds
from xmldsig import NAMESPACE as DS_NAMESPACE
from xmlenc import NAMESPACE as XMLENC_NAMESPACE
MD_NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:metadata'
MD_TEMPLATE = '{urn:oasis:names:tc:SAML:2.0:metadata}%s'
XMLENC_NAMESPACE = 'http://www.w3.org/2001/04/xmlenc#'
NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:metadata'
#MD_TEMPLATE = '{urn:oasis:names:tc:SAML:2.0:metadata}%s'
XML_TEMPLATE = '{http://www.w3.org/XML/1998/namespace}%s'
class Extensions(SamlBase):
"""The md:Extensions element"""
c_tag = 'Extensions'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -46,7 +48,7 @@ def extensions_from_string(xml_string):
class LocalizedName(SamlBase):
"""The md:LocalizedName abstract type"""
c_tag = 'LocalizedName'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes[XML_TEMPLATE % 'lang'] = 'lang'
@@ -71,7 +73,7 @@ def localized_name_from_string(xml_string):
class LocalizedURI(SamlBase):
"""The md:LocalizedURI abstract type"""
c_tag = 'LocalizedURI'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes[XML_TEMPLATE % 'lang'] = 'lang'
@@ -97,7 +99,7 @@ def localized_uri_from_string(xml_string):
class OrganizationName(LocalizedName):
"""The md:OrganizationName element"""
c_tag = 'OrganizationName'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = LocalizedName.c_children.copy()
c_attributes = LocalizedName.c_attributes.copy()
@@ -123,7 +125,7 @@ def organization_name_from_string(xml_string):
class OrganizationDisplayName(LocalizedName):
"""The md:OrganizationDisplayName element"""
c_tag = 'OrganizationDisplayName'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = LocalizedName.c_children.copy()
c_attributes = LocalizedName.c_attributes.copy()
@@ -149,7 +151,7 @@ def organization_display_name_from_string(xml_string):
class OrganizationURL(LocalizedURI):
"""The md:OrganizationURL element"""
c_tag = 'OrganizationURL'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = LocalizedURI.c_children.copy()
c_attributes = LocalizedURI.c_attributes.copy()
@@ -176,15 +178,15 @@ class Organization(SamlBase):
"""The md:Organization base type"""
c_tag = 'Organization'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_children['{%s}Extensions' % MD_NAMESPACE] = ('extensions', Extensions)
c_children['{%s}OrganizationName' % MD_NAMESPACE] = (
c_children['{%s}Extensions' % NAMESPACE] = ('extensions', Extensions)
c_children['{%s}OrganizationName' % NAMESPACE] = (
'organization_name', [OrganizationName])
c_children['{%s}OrganizationDisplayName' % MD_NAMESPACE] = (
c_children['{%s}OrganizationDisplayName' % NAMESPACE] = (
'organization_display_name', [OrganizationDisplayName])
c_children['{%s}OrganizationURL' % MD_NAMESPACE] = (
c_children['{%s}OrganizationURL' % NAMESPACE] = (
'organization_url', [OrganizationURL])
child_order = ['extensions', 'organization_name',
'organization_display_name', 'organization_url']
@@ -218,7 +220,7 @@ class Endpoint(SamlBase):
"""The md:Endpoint base type"""
c_tag = 'Endpoint'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['Binding'] = 'binding'
@@ -251,7 +253,7 @@ class IndexedEndpoint(Endpoint):
"""The md:IndexedEndpoint base type"""
c_tag = 'IndexedEndpoint'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = Endpoint.c_children.copy()
c_attributes = Endpoint.c_attributes.copy()
c_attributes['index'] = 'index'
@@ -286,7 +288,7 @@ class Company(SamlBase):
"""The md:Company element"""
c_tag = 'Company'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -299,7 +301,7 @@ class GivenName(SamlBase):
"""The md:GivenName element"""
c_tag = 'GivenName'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -312,7 +314,7 @@ class SurName(SamlBase):
"""The md:SurName element"""
c_tag = 'SurName'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -325,7 +327,7 @@ class EmailAddress(SamlBase):
"""The md:EmailAddress element"""
c_tag = 'EmailAddress'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -338,7 +340,7 @@ class TelephoneNumber(SamlBase):
"""The md:TelephoneNumber element"""
c_tag = 'TelephoneNumber'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -351,17 +353,17 @@ class ContactPerson(SamlBase):
"""The md:ContactPerson element"""
c_tag = 'ContactPerson'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['contactType'] = 'contact_type'
c_children['{%s}Extensions' % MD_NAMESPACE] = ('extensions', Extensions)
c_children['{%s}Company' % MD_NAMESPACE] = ('company', Company)
c_children['{%s}GivenName' % MD_NAMESPACE] = ('given_name', GivenName)
c_children['{%s}SurName' % MD_NAMESPACE] = ('sur_name', SurName)
c_children['{%s}EmailAddress' % MD_NAMESPACE] = (
c_children['{%s}Extensions' % NAMESPACE] = ('extensions', Extensions)
c_children['{%s}Company' % NAMESPACE] = ('company', Company)
c_children['{%s}GivenName' % NAMESPACE] = ('given_name', GivenName)
c_children['{%s}SurName' % NAMESPACE] = ('sur_name', SurName)
c_children['{%s}EmailAddress' % NAMESPACE] = (
'email_address', [EmailAddress])
c_children['{%s}TelephoneNumber' % MD_NAMESPACE] = (
c_children['{%s}TelephoneNumber' % NAMESPACE] = (
'telephone_number', [TelephoneNumber])
c_child_order = ['extensions', 'company', 'given_name', 'sur_name',
'email_address', 'telephone_number']
@@ -402,7 +404,7 @@ class AdditionalMetadataLocation(SamlBase):
"""The md:AdditionalMetadataLocation element"""
c_tag = 'AdditionalMetadataLocation'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['namespace'] = 'namespace'
@@ -455,14 +457,14 @@ class EncryptionMethod(SamlBase):
"""The md:EncryptionMethod element"""
c_tag = 'EncryptionMethod'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['Algorithm'] = 'algorithm'
c_children['{%s}KeySize' % XMLENC_NAMESPACE] = ('key_size', KeySize)
c_children['{%s}OAEPparams' % XMLENC_NAMESPACE] = (
'oaep_params', OAEPparams)
c_children['{%s}DigestMethod' % ds.DS_NAMESPACE] = (
c_children['{%s}DigestMethod' % DS_NAMESPACE] = (
'digest_method', ds.DigestMethod)
c_child_order = ['key_size', 'oaep_params', 'digest_method']
@@ -495,12 +497,12 @@ class KeyDescriptor(SamlBase):
"""The md:KeyDescriptor element"""
c_tag = 'KeyDescriptor'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['use'] = 'use'
c_children['{%s}KeyInfo' % ds.DS_NAMESPACE] = ('key_info', ds.KeyInfo)
c_children['{%s}EncryptionMethod' % MD_NAMESPACE] = (
c_children['{%s}KeyInfo' % DS_NAMESPACE] = ('key_info', ds.KeyInfo)
c_children['{%s}EncryptionMethod' % NAMESPACE] = (
'encryption_method', [EncryptionMethod])
c_child_order = ['key_info', 'encryption_method']
@@ -531,7 +533,7 @@ class RoleDescriptor(SamlBase):
"""The md:RoleDescriptor element"""
c_tag = 'RoleDescriptor'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['ID'] = 'identifier'
@@ -539,13 +541,13 @@ class RoleDescriptor(SamlBase):
c_attributes['cacheDuration'] = 'cache_duration'
c_attributes['protocolSupportEnumeration'] = 'protocol_support_enumeration'
c_attributes['errorURL'] = 'error_url'
c_children['{%s}Signature' % ds.DS_NAMESPACE] = ('signature', ds.Signature)
c_children['{%s}Extensions' % MD_NAMESPACE] = ('extensions', Extensions)
c_children['{%s}KeyDescriptor' % MD_NAMESPACE] = (
c_children['{%s}Signature' % DS_NAMESPACE] = ('signature', ds.Signature)
c_children['{%s}Extensions' % NAMESPACE] = ('extensions', Extensions)
c_children['{%s}KeyDescriptor' % NAMESPACE] = (
'key_descriptor', [KeyDescriptor])
c_children['{%s}Organization' % MD_NAMESPACE] = (
c_children['{%s}Organization' % NAMESPACE] = (
'organization', Organization)
c_children['{%s}ContactPerson' % MD_NAMESPACE] = (
c_children['{%s}ContactPerson' % NAMESPACE] = (
'contact_person', [ContactPerson])
c_child_order = ['signature', 'extensions', 'key_descriptor',
'organization', 'contact_person']
@@ -629,7 +631,7 @@ class NameIDFormat(SamlBase):
"""The md:NameIDFormat element"""
c_tag = 'NameIDFormat'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -642,16 +644,16 @@ class SSODescriptor(RoleDescriptor):
"""The md:SSODescriptor element"""
c_tag = 'SSODescriptor'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = RoleDescriptor.c_children.copy()
c_attributes = RoleDescriptor.c_attributes.copy()
c_children['{%s}ArtifactResolutionService' % MD_NAMESPACE] = (
c_children['{%s}ArtifactResolutionService' % NAMESPACE] = (
'artifact_resolution_service', [ArtifactResolutionService])
c_children['{%s}SingleLogoutService' % MD_NAMESPACE] = (
c_children['{%s}SingleLogoutService' % NAMESPACE] = (
'single_logout_service', [SingleLogoutService])
c_children['{%s}ManageNameIDService' % MD_NAMESPACE] = (
c_children['{%s}ManageNameIDService' % NAMESPACE] = (
'manage_name_id_service', [ManageNameIDService])
c_children['{%s}NameIDFormat' % MD_NAMESPACE] = (
c_children['{%s}NameIDFormat' % NAMESPACE] = (
'name_id_format', [NameIDFormat])
c_child_order = ['signature', 'extensions', 'key_descriptor',
@@ -734,7 +736,7 @@ class AttributeProfile(SamlBase):
"""The md:AttributeProfile element"""
c_tag = 'AttributeProfile'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -747,19 +749,19 @@ class IDPSSODescriptor(SSODescriptor):
"""The md:IDPSSODescriptor element"""
c_tag = 'IDPSSODescriptor'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SSODescriptor.c_children.copy()
c_attributes = SSODescriptor.c_attributes.copy()
c_attributes['WantAuthnRequestsSigned'] = 'want_authn_requests_signed'
c_children['{%s}SingleSignOnService' % MD_NAMESPACE] = (
c_children['{%s}SingleSignOnService' % NAMESPACE] = (
'single_sign_on_service', [SingleSignOnService])
c_children['{%s}NameIDMappingService' % MD_NAMESPACE] = (
c_children['{%s}NameIDMappingService' % NAMESPACE] = (
'name_id_mapping_service', [NameIDMappingService])
c_children['{%s}AssertionIDRequestService' % MD_NAMESPACE] = (
c_children['{%s}AssertionIDRequestService' % NAMESPACE] = (
'assertion_id_request_service', [AssertionIDRequestService])
c_children['{%s}AttributeProfile' % MD_NAMESPACE] = (
c_children['{%s}AttributeProfile' % NAMESPACE] = (
'attribute_profile', [AttributeProfile])
c_children['{%s}Attribute' % saml.SAML_NAMESPACE] = (
c_children['{%s}Attribute' % SAML_NAMESPACE] = (
'attribute', [Attribute])
c_child_order = ['signature', 'extensions', 'key_descriptor',
@@ -831,7 +833,7 @@ def idpsso_descriptor_from_string(xml_string):
class RequestedAttribute(Attribute):
c_tag = 'RequestedAttribute'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = Attribute.c_children.copy()
c_attributes = Attribute.c_attributes.copy()
c_attributes['isRequired'] = 'is_required'
@@ -864,7 +866,7 @@ def requested_attribute_from_string(xml_string):
class ServiceName(LocalizedName):
"""The md:ServiceName element"""
c_tag = 'ServiceName'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = LocalizedName.c_children.copy()
c_attributes = LocalizedName.c_attributes.copy()
@@ -889,7 +891,7 @@ def service_name_from_string(xml_string):
class ServiceDescription(LocalizedName):
"""The md:ServiceDescription element"""
c_tag = 'ServiceDescription'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = LocalizedName.c_children.copy()
c_attributes = LocalizedName.c_attributes.copy()
@@ -915,16 +917,16 @@ class AttributeConsumingService(SamlBase):
"""The md:AttributeConsumingService element"""
c_tag = 'AttributeConsumingService'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['index'] = 'index'
c_attributes['isDefault'] = 'is_default'
c_children['{%s}ServiceName' % MD_NAMESPACE] = (
c_children['{%s}ServiceName' % NAMESPACE] = (
'service_name', [ServiceName])
c_children['{%s}ServiceDescription' % MD_NAMESPACE] = (
c_children['{%s}ServiceDescription' % NAMESPACE] = (
'service_description', [ServiceDescription])
c_children['{%s}RequestedAttribute' % MD_NAMESPACE] = (
c_children['{%s}RequestedAttribute' % NAMESPACE] = (
'requested_attribute', [RequestedAttribute])
c_child_order = ['service_name', 'service_description',
'requested_attribute']
@@ -961,14 +963,14 @@ class SPSSODescriptor(SSODescriptor):
"""The md:SPSSODescriptor element"""
c_tag = 'SPSSODescriptor'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SSODescriptor.c_children.copy()
c_attributes = SSODescriptor.c_attributes.copy()
c_attributes['AuthnRequestsSigned'] = 'authn_requests_signed'
c_attributes['WantAssertionsSigned'] = 'want_assertions_signed'
c_children['{%s}AssertionConsumerService' % MD_NAMESPACE] = (
c_children['{%s}AssertionConsumerService' % NAMESPACE] = (
'assertion_consumer_service', [AssertionConsumerService])
c_children['{%s}AttributeConsumingService' % MD_NAMESPACE] = (
c_children['{%s}AttributeConsumingService' % NAMESPACE] = (
'attribute_consuming_service', [AttributeConsumingService])
c_child_order = ['signature', 'extensions', 'key_descriptor',
@@ -994,7 +996,8 @@ class SPSSODescriptor(SSODescriptor):
:param identifier: ID attribute
:param valid_until: validUntil attribute
:param cache_duration: cacheDuration attribute
:param protocol_support_enumeration: protocolSupportEnumeration attribute
:param protocol_support_enumeration: protocolSupportEnumeration
attribute
:param error_url: errorURL attribute
:param signature: ds:Signature element
:param extensions: Extensions element
@@ -1011,12 +1014,14 @@ class SPSSODescriptor(SSODescriptor):
:param attribute_consuming_service: AttributeConsumingService elements
:param text: The text data in the this element
:param extension_elements: A list of ExtensionElement instances
:param extension_attributes: A dictionary of attribute value string pairs
:param extension_attributes: A dictionary of attribute value string
pairs
"""
SSODescriptor.__init__(self, artifact_resolution_service,
single_logout_service, manage_name_id_service,
name_id_format, identifier, valid_until, cache_duration,
protocol_support_enumeration, error_url, signature,
name_id_format, identifier, valid_until,
cache_duration, protocol_support_enumeration,
error_url, signature,
extensions, key_descriptor, organization,
contact_person, text, extension_elements,
extension_attributes)
@@ -1038,28 +1043,28 @@ class EntityDescriptor(SamlBase):
# AffiliationDescriptor is not implemented yet
c_tag = 'EntityDescriptor'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['entityID'] = 'entity_id'
c_attributes['ID'] = 'identifier'
c_attributes['validUntil'] = 'valid_until'
c_attributes['cacheDuration'] = 'cache_duration'
c_children['{%s}Signature' % ds.DS_NAMESPACE] = ('signature', ds.Signature)
c_children['{%s}Extensions' % MD_NAMESPACE] = ('extensions', Extensions)
c_children['{%s}RoleDescriptor' % MD_NAMESPACE] = (
c_children['{%s}Signature' % DS_NAMESPACE] = ('signature', ds.Signature)
c_children['{%s}Extensions' % NAMESPACE] = ('extensions', Extensions)
c_children['{%s}RoleDescriptor' % NAMESPACE] = (
'role_descriptor', [RoleDescriptor])
c_children['{%s}IDPSSODescriptor' % MD_NAMESPACE] = (
c_children['{%s}IDPSSODescriptor' % NAMESPACE] = (
'idp_sso_descriptor', [IDPSSODescriptor])
c_children['{%s}SPSSODescriptor' % MD_NAMESPACE] = (
c_children['{%s}SPSSODescriptor' % NAMESPACE] = (
'sp_sso_descriptor', [SPSSODescriptor])
c_children['{%s}Organization' % MD_NAMESPACE] = (
c_children['{%s}Organization' % NAMESPACE] = (
'organization', Organization)
c_children['{%s}ContactPerson' % MD_NAMESPACE] = (
c_children['{%s}ContactPerson' % NAMESPACE] = (
'contact_person', [ContactPerson])
c_children['{%s}ContactPerson' % MD_NAMESPACE] = (
c_children['{%s}ContactPerson' % NAMESPACE] = (
'contact_person', [ContactPerson])
c_children['{%s}AdditionalMetadataLocation' % MD_NAMESPACE] = (
c_children['{%s}AdditionalMetadataLocation' % NAMESPACE] = (
'additional_metadata_location', [AdditionalMetadataLocation])
c_child_order = ['signature', 'extensions', 'role_descriptor',
'idp_sso_descriptor', 'sp_sso_descriptor', 'organization',
@@ -1113,16 +1118,16 @@ class EntitiesDescriptor(SamlBase):
"""The md:EntitiesDescriptor element"""
c_tag = 'EntitiesDescriptor'
c_namespace = MD_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['name'] = 'name'
c_attributes['ID'] = 'identifier'
c_attributes['validUntil'] = 'valid_until'
c_attributes['cacheDuration'] = 'cache_duration'
c_children['{%s}Signature' % ds.DS_NAMESPACE] = ('signature', ds.Signature)
c_children['{%s}Extensions' % MD_NAMESPACE] = ('extensions', Extensions)
c_children['{%s}EntityDescriptor' % MD_NAMESPACE] = (
c_children['{%s}Signature' % DS_NAMESPACE] = ('signature', ds.Signature)
c_children['{%s}Extensions' % NAMESPACE] = ('extensions', Extensions)
c_children['{%s}EntityDescriptor' % NAMESPACE] = (
'entity_descriptor', [EntityDescriptor])
c_child_order = ['signature', 'extensions', 'entity_descriptor',
'entities_descriptor']
@@ -1156,7 +1161,7 @@ class EntitiesDescriptor(SamlBase):
self.entity_descriptor = entity_descriptor or []
self.entities_descriptor = entities_descriptor or []
EntitiesDescriptor.c_children['{%s}EntitiesDescriptor' % MD_NAMESPACE] = (
EntitiesDescriptor.c_children['{%s}EntitiesDescriptor' % NAMESPACE] = (
'entities_descriptor', [EntitiesDescriptor])
def entities_descriptor_from_string(xml_string):
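Review bot: `Organization` declares `child_order = [...]` while the other classes in this section that set an order (`ContactPerson`, `RoleDescriptor`, `EntityDescriptor`, ...) declare `c_child_order`. If the serializer reads `c_child_order` (not visible here), Organization's element order is silently not applied, so the line should begin `c_child_order = ['extensions', 'organization_name',`. In `EntityDescriptor` the `'{%s}ContactPerson' % NAMESPACE` entry is assigned twice in a row, and the second assignment can be dropped. Both are context lines that this cleanup renames around but leaves in place. The commented-out `#MD_TEMPLATE` line would be better deleted than kept.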


@@ -49,8 +49,10 @@ class MetaData(dict):
def __init_(self, arg=None):
dict.__init__(self, arg)
self._loc_key = {}
self._loc_bind = {}
def import_metadata(self,xml_str):
def import_metadata(self, xml_str):
""" Import information; organization distinguish name, location and
certificates from a metadata file.
@@ -68,7 +70,8 @@ class MetaData(dict):
#print "--",len(entity_descriptor.idp_sso_descriptor)
for idp in entity_descriptor.idp_sso_descriptor:
if samlp.SAMLP_NAMESPACE not in idp.protocol_support_enumeration.split(" "):
if samlp.SAMLP_NAMESPACE not in \
idp.protocol_support_enumeration.split(" "):
#print "<<<", idp.protocol_support_enumeration
continue
@@ -142,7 +145,8 @@ def cert_from_assertion(assertion):
def make_entity_description():
org = md.Organization(
organization_name = [md.Organization(text="Example Inc.")],
organization_url = [md.OrganizationURL(text="http://www.example.com/")])
organization_url = [md.OrganizationURL(
text="http://www.example.com/")])
spsso = md.SPSSODescriptor(
protocolSupportEnumeration = samlp.SAMLP_NAMESPACE,
@@ -150,7 +154,7 @@ def make_entity_description():
authn_requests_signed = False
)
return md.EntityDescription(
return md.EntityDescriptor(
entity_id = "http://xenosmilus.umdc.umu.se:8087/",
organization = org,
sp_sso_descriptor = [spsso]
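Review bot: `MetaData` defines `__init_` (one trailing underscore), so Python never runs it as the constructor and the `self._loc_key` / `self._loc_bind` dictionaries set in this hunk are never created. Any method that reads them would fail with `AttributeError`. Rename it to `def __init__(self, arg=None):` and guard the base call with `dict.__init__(self, arg or {})`, since `dict.__init__(self, None)` raises `TypeError` for the default argument. In `make_entity_description`, `organization_name = [md.Organization(text="Example Inc.")]` looks like it should use `md.OrganizationName`; confirm against the md module.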


@@ -29,8 +29,7 @@ import xmldsig as ds
import saml2
from saml2 import SamlBase
SAML_NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:assertion'
SAML_TEMPLATE = '{urn:oasis:names:tc:SAML:2.0:assertion}%s'
NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:assertion'
XSI_NAMESPACE = 'http://www.w3.org/2001/XMLSchema-instance'
NAMEID_FORMAT_EMAILADDRESS = (
@@ -66,7 +65,7 @@ class BaseID(SamlBase):
""" The saml:BaseID element """
c_tag = 'BaseID'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['NameQualifier'] = 'name_qualifier'
@@ -103,7 +102,7 @@ class NameID(BaseID):
"""The saml:NameID element"""
c_tag = 'NameID'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = BaseID.c_children.copy()
c_attributes = BaseID.c_attributes.copy()
c_attributes['Format'] = 'name_format'
@@ -144,7 +143,7 @@ def name_id_from_string(xml_string):
class EncryptedID(SamlBase):
"""The saml:EncryptedID element"""
c_tag = 'EncryptedID'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -178,7 +177,7 @@ class AssertionIDRef(SamlBase):
"""The saml:AssertionIDRef element makes a reference to a SAML assertion
by its unique identifier."""
c_tag = 'AssertionIDRef'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -194,7 +193,7 @@ class AssertionURIRef(SamlBase):
"""The saml:AssertionURIRef element makes a reference to a SAML assertion
by URI reference."""
c_tag = 'AssertionURIRef'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -212,7 +211,7 @@ class EncryptedAssertion(SamlBase):
Processing specification"""
c_tag = 'EncryptedAssertion'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -233,7 +232,7 @@ class SubjectConfirmationData(SamlBase):
under which the act of subject confirmation can take place"""
c_tag = 'SubjectConfirmationData'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['NotBefore'] = 'not_before'
@@ -293,25 +292,25 @@ class SubjectConfirmation(SamlBase):
the party with whom the relying party is communicating."""
c_tag = 'SubjectConfirmation'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['Method'] = 'method'
c_children['{%s}BaseID' % SAML_NAMESPACE] = ('base_id', BaseID)
c_children['{%s}NameID' % SAML_NAMESPACE] = ('name_id', NameID)
c_children['{%s}EncryptedID' % SAML_NAMESPACE] = ('encrypted_id',
c_children['{%s}BaseID' % NAMESPACE] = ('base_id', BaseID)
c_children['{%s}NameID' % NAMESPACE] = ('name_id', NameID)
c_children['{%s}EncryptedID' % NAMESPACE] = ('encrypted_id',
EncryptedID)
c_children['{%s}SubjectConfirmationData' % SAML_NAMESPACE] = (
c_children['{%s}SubjectConfirmationData' % NAMESPACE] = (
'subject_confirmation_data', SubjectConfirmationData)
c_child_order = ['base_id', 'name_id', 'encrypted_id',
'subject_confirmation_data']
def __init__(self, method=None, name_id=None,
def __init__(self, base_id=None, name_id=None, encrypted_id=None,
subject_confirmation_data=None, text=None,
extension_elements=None, extension_attributes=None):
"""Constructor for SubjectConfirmation
:param method: Method attribute
:param base_id: Method attribute
:param name_id: NameID element
:param subject_confirmation_data: SubjectConfirmationData element
:param text: The text data in this element
@@ -321,8 +320,9 @@ class SubjectConfirmation(SamlBase):
"""
SamlBase.__init__(self, text, extension_elements, extension_attributes)
self.method = method
self.base_id = base_id
self.name_id = name_id
self.encrypted_id = encrypted_id
self.subject_confirmation_data = subject_confirmation_data
def subject_confirmation_from_string(xml_string):
@@ -335,14 +335,13 @@ def subject_confirmation_from_string(xml_string):
class Subject(SamlBase):
"""The saml:Subject element"""
# TODO: BaseID, EncryptedID element
c_tag = 'Subject'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_children['{%s}NameID' % SAML_NAMESPACE] = ('name_id', NameID)
c_children['{%s}SubjectConfirmation' % SAML_NAMESPACE] = (
c_children['{%s}NameID' % NAMESPACE] = ('name_id', NameID)
c_children['{%s}SubjectConfirmation' % NAMESPACE] = (
'subject_confirmation', [SubjectConfirmation])
c_child_order = ['name_id', 'subject_confirmation']
@@ -375,7 +374,7 @@ class Condition(SamlBase):
"""The saml:Condition element"""
c_tag = 'Condition'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -393,7 +392,7 @@ class Audience(SamlBase):
audience."""
c_tag = 'Audience'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -411,10 +410,10 @@ class AudienceRestriction(Condition):
elements."""
c_tag = 'AudienceRestriction'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = Condition.c_children.copy()
c_attributes = Condition.c_attributes.copy()
c_children['{%s}Audience' % SAML_NAMESPACE] = ('audience', Audience)
c_children['{%s}Audience' % NAMESPACE] = ('audience', Audience)
def __init__(self, audience=None, text=None,
extension_elements=None, extension_attributes=None):
@@ -427,7 +426,7 @@ class AudienceRestriction(Condition):
pairs
"""
Condition.__init__(self, text,extension_elements,
Condition.__init__(self, text, extension_elements,
extension_attributes)
self.audience = audience
@@ -465,11 +464,11 @@ class ProxyRestriction(Condition):
of the information contained in the original assertion."""
c_tag = 'ProxyRestriction'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = Condition.c_children.copy()
c_attributes = Condition.c_attributes.copy()
c_attributes['Count'] = 'count'
c_children['{%s}Audience' % SAML_NAMESPACE] = ('audience', [Audience])
c_children['{%s}Audience' % NAMESPACE] = ('audience', [Audience])
def __init__(self, count=None, audience=None, text=None,
extension_elements=None, extension_attributes=None):
@@ -501,17 +500,17 @@ class Conditions(SamlBase):
"""The saml:Conditions element"""
c_tag = 'Conditions'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['NotBefore'] = 'not_before'
c_attributes['NotOnOrAfter'] = 'not_on_or_after'
c_children['{%s}Condition' % SAML_NAMESPACE] = ('condition', [Condition])
c_children['{%s}AudienceRestriction' % SAML_NAMESPACE] = (
c_children['{%s}Condition' % NAMESPACE] = ('condition', [Condition])
c_children['{%s}AudienceRestriction' % NAMESPACE] = (
'audience_restriction', [AudienceRestriction])
c_children['{%s}OneTimeUse' % SAML_NAMESPACE] = (
c_children['{%s}OneTimeUse' % NAMESPACE] = (
'one_time_use', [OneTimeUse])
c_children['{%s}ProxyRestriction' % SAML_NAMESPACE] = (
c_children['{%s}ProxyRestriction' % NAMESPACE] = (
'proxy_restriction', [ProxyRestriction])
c_child_order = ['condition', 'audience_restriction', 'one_time_use',
'proxy_restriction']
@@ -565,7 +564,7 @@ class Statement(SamlBase):
assertion-based applications to reuse the SAML assertion framework."""
c_tag = 'Statement'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -581,7 +580,7 @@ class SubjectLocality(SamlBase):
"""The saml:SubjectLocality element"""
c_tag = 'SubjectLocality'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['Address'] = 'address'
@@ -613,7 +612,7 @@ class AuthnContextClassRef(SamlBase):
"""The saml:AuthnContextClassRef element"""
c_tag = 'AuthnContextClassRef'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -626,7 +625,7 @@ class AuthnContextDeclRef(SamlBase):
"""The saml:AuthnContextDeclRef element"""
c_tag = 'AuthnContextDeclRef'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -639,7 +638,7 @@ class AuthnContextDecl(SamlBase):
"""The saml:AuthnContextDecl element"""
c_tag = 'AuthnContextDecl'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -652,7 +651,7 @@ class AuthenticatingAuthority(SamlBase):
"""The saml:AuthenticatingAuthority element"""
c_tag = 'AuthenticatingAuthority'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -666,16 +665,16 @@ class AuthnContext(SamlBase):
"""The saml:AuthnContext element"""
c_tag = 'AuthnContext'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_children['{%s}AuthnContextClassRef' % SAML_NAMESPACE] = (
c_children['{%s}AuthnContextClassRef' % NAMESPACE] = (
'authn_context_class_ref', AuthnContextClassRef)
c_children['{%s}AuthnContextDeclRef' % SAML_NAMESPACE] = (
c_children['{%s}AuthnContextDeclRef' % NAMESPACE] = (
'authn_context_decl_ref', AuthnContextDeclRef)
c_children['{%s}AuthnContextDecl' % SAML_NAMESPACE] = (
c_children['{%s}AuthnContextDecl' % NAMESPACE] = (
'authn_context_decl', AuthnContextDecl)
c_children['{%s}AuthenticatingAuthority' % SAML_NAMESPACE] = (
c_children['{%s}AuthenticatingAuthority' % NAMESPACE] = (
'authenticating_authority', [AuthenticatingAuthority])
c_child_order = ['authn_context_class_ref',
'authn_context_decl', 'authn_context_decl_ref',
@@ -725,15 +724,15 @@ class AuthnStatement(Statement):
"""The saml:AuthnStatement element"""
c_tag = 'AuthnStatement'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = Statement.c_children.copy()
c_attributes = Statement.c_attributes.copy()
c_attributes['AuthnInstant'] = 'authn_instant'
c_attributes['SessionIndex'] = 'session_index'
c_attributes['SessionNotOnOrAfter'] = 'session_not_on_or_after'
c_children['{%s}SubjectLocality' % SAML_NAMESPACE] = (
c_children['{%s}SubjectLocality' % NAMESPACE] = (
'subject_locality', SubjectLocality)
c_children['{%s}AuthnContext' % SAML_NAMESPACE] = (
c_children['{%s}AuthnContext' % NAMESPACE] = (
'authn_context', AuthnContext)
c_child_order = ['subject_locality', 'authn_context']
@@ -784,7 +783,7 @@ class AttributeValue(SamlBase):
attribute."""
c_tag = 'AttributeValue'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -803,7 +802,7 @@ class EncryptedAttribute(SamlBase):
specification."""
c_tag = 'EncryptedAttribute'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
@@ -819,13 +818,13 @@ class Attribute(SamlBase):
"""The saml:Attribute element"""
c_tag = 'Attribute'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['Name'] = 'name'
c_attributes['NameFormat'] = 'name_format'
c_attributes['FriendlyName'] = 'friendly_name'
c_children['{%s}AttributeValue' % SAML_NAMESPACE] = ('attribute_value',
c_children['{%s}AttributeValue' % NAMESPACE] = ('attribute_value',
[AttributeValue])
def __init__(self, name=None, name_format=None, friendly_name=None,
@@ -868,13 +867,12 @@ class AttributeStatement(Statement):
authority asserting that the assertion subject is associated with the
specified attributes."""
# TODO: EncryptedAttribute
c_tag = 'AttributeStatement'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = Statement.c_children.copy()
c_attributes = Statement.c_attributes.copy()
c_children['{%s}Attribute' % SAML_NAMESPACE] = ('attribute', [Attribute])
c_children['{%s}EncryptedAttribute' % SAML_NAMESPACE] = (
c_children['{%s}Attribute' % NAMESPACE] = ('attribute', [Attribute])
c_children['{%s}EncryptedAttribute' % NAMESPACE] = (
'encrypted_attribute', [EncryptedAttribute])
c_child_order = ['attribute', 'encrypted_attribute']
@@ -908,7 +906,7 @@ class Action(SamlBase):
for which permission is sought."""
c_tag = 'Action'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['Namespace'] = 'namespace'
@@ -943,16 +941,16 @@ class Evidence(SamlBase):
the authorization decision."""
c_tag = 'Evidence'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_children['{%s}AssertionIDRef' % SAML_NAMESPACE] = ('assertion_id_ref',
c_children['{%s}AssertionIDRef' % NAMESPACE] = ('assertion_id_ref',
[AssertionIDRef])
c_children['{%s}AssertionURIRef' % SAML_NAMESPACE] = ('assertion_uri_ref',
c_children['{%s}AssertionURIRef' % NAMESPACE] = ('assertion_uri_ref',
[AssertionURIRef])
c_children['{%s}EncryptedAssertion' % SAML_NAMESPACE] = (
c_children['{%s}EncryptedAssertion' % NAMESPACE] = (
'encrypted_assertion', [EncryptedAssertion])
c_child_order = ['assertion_id_ref', 'assertion_uri_ref',
c_child_order = ['assertion_id_ref', 'assertion_uri_ref', 'assertion',
'encrypted_assertion']
def __init__(self, assertion_id_ref=None, assertion_uri_ref=None,
@@ -992,14 +990,14 @@ class AuthzDecisionStatement(Statement):
decision on the basis of some optionally specified evidence."""
c_tag = 'AuthzDecisionStatement'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = Statement.c_children.copy()
c_attributes = Statement.c_attributes.copy()
c_attributes['Resource'] = 'resource'
c_attributes['Decision'] = 'decision'
c_children['{%s}Action' % SAML_NAMESPACE] = ('action', [Action])
c_children['{%s}Evidence' % SAML_NAMESPACE] = ('evidence', [Evidence])
c_children['{%s}Action' % NAMESPACE] = ('action', [Action])
c_children['{%s}Evidence' % NAMESPACE] = ('evidence', [Evidence])
c_child_order = ['action', 'evidence']
def __init__(self, resource=None, decision=None, action=None,
@@ -1041,23 +1039,23 @@ def authz_decision_statement_from_string(xml_string):
class Assertion(SamlBase):
"""The saml:Assertion element"""
c_tag = 'Assertion'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['Version'] = 'version'
c_attributes['ID'] = 'identifier'
c_attributes['IssueInstant'] = 'issue_instant'
c_children['{%s}Issuer' % SAML_NAMESPACE] = ('issuer', Issuer)
c_children['{%s}Signature' % ds.DS_NAMESPACE] = ('signature', ds.Signature)
c_children['{%s}Subject' % SAML_NAMESPACE] = ('subject', Subject)
c_children['{%s}Conditions' % SAML_NAMESPACE] = ('conditions', Conditions)
#c_children['{%s}Advice' % SAML_NAMESPACE] = ('advice', Advice)
c_children['{%s}Statement' % SAML_NAMESPACE] = ('statement', [Statement])
c_children['{%s}AuthnStatement' % SAML_NAMESPACE] = (
c_children['{%s}Issuer' % NAMESPACE] = ('issuer', Issuer)
c_children['{%s}Signature' % ds.NAMESPACE] = ('signature', ds.Signature)
c_children['{%s}Subject' % NAMESPACE] = ('subject', Subject)
c_children['{%s}Conditions' % NAMESPACE] = ('conditions', Conditions)
#c_children['{%s}Advice' % NAMESPACE] = ('advice', Advice)
c_children['{%s}Statement' % NAMESPACE] = ('statement', [Statement])
c_children['{%s}AuthnStatement' % NAMESPACE] = (
'authn_statement', [AuthnStatement])
c_children['{%s}AuthzDecisionStatement' % SAML_NAMESPACE] = (
c_children['{%s}AuthzDecisionStatement' % NAMESPACE] = (
'authz_decision_statement', [AuthzDecisionStatement])
c_children['{%s}AttributeStatement' % SAML_NAMESPACE] = (
c_children['{%s}AttributeStatement' % NAMESPACE] = (
'attribute_statement', [AttributeStatement])
c_child_order = ['issuer', 'signature', 'subject', 'conditions', 'advice',
'statement', 'authn_statement', 'authz_decision_statement',
@@ -1124,7 +1122,7 @@ def assertion_from_string(xml_string):
""" Create Assertion instance from an XML string """
return saml2.create_class_from_xml_string(Assertion, xml_string)
Evidence.c_children['{%s}Assertion' % SAML_NAMESPACE] = (
Evidence.c_children['{%s}Assertion' % NAMESPACE] = (
'assertion', [Assertion])
# ---------------------------------------------------------------------------
@@ -1136,18 +1134,18 @@ class Advice(SamlBase):
SAML authority wishes to provide."""
c_tag = 'Advice'
c_namespace = SAML_NAMESPACE
c_namespace = NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_children['{%s}AssertionIDRef' % SAML_NAMESPACE] = ('assertion_id_ref',
c_children['{%s}AssertionIDRef' % NAMESPACE] = ('assertion_id_ref',
[AssertionIDRef])
c_children['{%s}AssertionURIRef' % SAML_NAMESPACE] = ('assertion_uri_ref',
c_children['{%s}AssertionURIRef' % NAMESPACE] = ('assertion_uri_ref',
[AssertionURIRef])
c_children['{%s}Assertion' % SAML_NAMESPACE] = ('assertion', [Assertion])
c_children['{%s}EncryptedAssertion' % SAML_NAMESPACE] = (
c_children['{%s}Assertion' % NAMESPACE] = ('assertion', [Assertion])
c_children['{%s}EncryptedAssertion' % NAMESPACE] = (
'encrypted_assertion', [EncryptedAssertion])
c_child_order = ['assertion_id_ref', 'assertion_uri_ref',
'statement', 'encrypted_assertion']
'assertion', 'encrypted_assertion']
def __init__(self, assertion_id_ref=None, assertion_uri_ref=None,
assertion=None, encrypted_assertion=None, text=None,
@@ -1174,4 +1172,41 @@ def advice_from_string(xml_string):
""" Create Advice instance from an XML string """
return saml2.create_class_from_xml_string(Advice, xml_string)
Assertion.c_children['{%s}Advice' % SAML_NAMESPACE] = ('advice', Advice)
Assertion.c_children['{%s}Advice' % NAMESPACE] = ('advice', Advice)
Evidence.c_children['{%s}Assertion' % NAMESPACE] = ('assertion', [Assertion])
ELEMENT_FROM_STRING = {
BaseID.c_tag: base_id_from_string,
NameID.c_tag: name_id_from_string,
EncryptedID.c_tag: encrypted_id_from_string,
Issuer.c_tag: issuer_from_string,
AssertionIDRef.c_tag: assertion_id_ref_from_string,
AssertionURIRef.c_tag: assertion_uri_ref_from_string,
EncryptedAssertion.c_tag: encrypted_assertion_from_string,
SubjectConfirmationData.c_tag: subject_confirmation_data_from_string,
SubjectConfirmation.c_tag: subject_confirmation_from_string,
Subject.c_tag: subject_from_string,
Condition.c_tag: condition_from_string,
Audience.c_tag: audience_from_string,
AudienceRestriction.c_tag: audience_restriction_from_string,
OneTimeUse.c_tag: one_time_use_from_string,
ProxyRestriction.c_tag: proxy_restriction_from_string,
Conditions.c_tag: conditions_from_string,
Statement.c_tag: statement_from_string,
SubjectLocality.c_tag: subject_locality_from_string,
AuthnContextClassRef.c_tag: authn_context_class_ref_from_string,
AuthnContextDeclRef.c_tag: authn_context_decl_ref_from_string,
AuthnContextDecl.c_tag: authn_context_decl_from_string,
AuthenticatingAuthority.c_tag: authenticating_authority_from_string,
AuthnContext.c_tag: authn_context_from_string,
AuthnStatement(Statement): authn_statement_from_string,
AttributeValue.c_tag: attribute_value_from_string,
EncryptedAttribute.c_tag: encrypted_attribute_from_string,
Attribute.c_tag: attribute_from_string,
AttributeStatement(Statement): attribute_statement_from_string,
Action.c_tag: action_from_string,
Evidence.c_tag: evidence_from_string,
AuthzDecisionStatement(Statement): authz_decision_statement_from_string,
Assertion.c_tag: assertion_from_string,
Advice.c_tag: advice_from_string,
}
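Review bot: Three keys in the new `ELEMENT_FROM_STRING` table are written as `AuthnStatement(Statement)`, `AttributeStatement(Statement)` and `AuthzDecisionStatement(Statement)`, which look like pasted class headers: each one constructs an instance when the module is imported and uses that object as the key, where every other entry uses the `c_tag` string. A lookup by tag name for these three elements misses, and any caller that treats a missing tag as "no converter" will skip the statements carrying authentication, attribute and authorization data without an error. The keys should read `AuthnStatement.c_tag: authn_statement_from_string,`, `AttributeStatement.c_tag: attribute_statement_from_string,` and `AuthzDecisionStatement.c_tag: authz_decision_statement_from_string,`. The `Evidence.c_children['{%s}Assertion' % NAMESPACE]` assignment just above the table also repeats the one made right after `assertion_from_string`, so one of the two can be dropped.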


@@ -93,18 +93,18 @@ class AbstractRequest(SamlBase):
c_attributes['IssueInstant'] = 'issue_instant'
c_attributes['Destination'] = 'destination'
c_attributes['Consent'] = 'consent'
c_children['{%s}Issuer' % saml.SAML_NAMESPACE] = ('issuer', saml.Issuer)
c_children['{%s}Signature' % ds.DS_NAMESPACE] = ('signature', ds.Signature)
c_children['{%s}Issuer' % saml.NAMESPACE] = ('issuer', saml.Issuer)
c_children['{%s}Signature' % ds.NAMESPACE] = ('signature', ds.Signature)
c_children['{%s}Extensions' % SAMLP_NAMESPACE] = ('extensions', Extensions)
c_child_order = ['issuer', 'signature', 'extensions']
def __init__(self, identifier=None, version=None, issue_instant=None,
def __init__(self, id=None, version=None, issue_instant=None,
destination=None, consent=None, issuer=None, signature=None,
extensions=None, text=None, extension_elements=None,
extension_attributes=None):
"""Constructor for AbstractRequest
:param identifier: ID attribute
:param id: ID attribute
:param version: Version attribute
:param issue_instant: IssueInstant attribute
:param destination: Destination attribute
@@ -117,7 +117,7 @@ class AbstractRequest(SamlBase):
:param extension_attributes: A dictionary of attribute value string pairs
"""
SamlBase.__init__(self, text, extension_elements, extension_attributes)
self.id = identifier
self.id = id
self.version = version
self.issue_instant = issue_instant
self.destination = destination
@@ -250,23 +250,23 @@ class StatusResponse(SamlBase):
c_attributes['IssueInstant'] = 'issue_instant'
c_attributes['Destination'] = 'destination'
c_attributes['Consent'] = 'consent'
c_children['{%s}Issuer' % saml.SAML_NAMESPACE] = (
c_children['{%s}Issuer' % saml.NAMESPACE] = (
'issuer', saml.Issuer)
c_children['{%s}Signature' % ds.DS_NAMESPACE] = (
c_children['{%s}Signature' % ds.NAMESPACE] = (
'signature', ds.Signature)
c_children['{%s}Extensions' % SAMLP_NAMESPACE] = (
'extensions', Extensions)
c_children['{%s}Status' % SAMLP_NAMESPACE] = ('status', Status)
c_child_order = ['issuer', 'signature', 'extensions', 'status']
def __init__(self, identifier=None, in_response_to=None, version=None,
def __init__(self, id=None, in_response_to=None, version=None,
issue_instant=None, destination=None, consent=None,
issuer=None, signature=None, extensions=None, status=None,
text=None, extension_elements=None,
extension_attributes=None):
"""Constructor for StatusResponse
:param identifier: ID attribute
:param id: ID attribute
:param in_respones_to: InResponseTo attribute
:param version: Version attribute
:param issue_instant: IssueInstant attribute
@@ -284,7 +284,7 @@ class StatusResponse(SamlBase):
SamlBase.__init__(self, text, extension_elements,
extension_attributes)
self.id = identifier
self.id = id
self.in_response_to = in_response_to
self.version = version
self.issue_instant = issue_instant
@@ -313,14 +313,14 @@ class AssertionIDRequest(AbstractRequest):
c_attributes = AbstractRequest.c_attributes.copy()
c_attributes["AssertionIDRef"] = 'assertion_id_ref'
def __init__(self, identifier=None, version=None, issue_instant=None,
def __init__(self, id=None, version=None, issue_instant=None,
destination=None, consent=None, issuer=None, signature=None,
extensions=None, assertion_id_ref=None,
text=None, extension_elements=None,
extension_attributes=None):
"""Constructor for AssertionIDRequest
:param identifier: ID attribute
:param id: ID attribute
:param version: Version attribute
:param issue_instant: IssueInstant attribute
:param destination: Destination attribute
@@ -335,7 +335,7 @@ class AssertionIDRequest(AbstractRequest):
string pairs
"""
AbstractRequest.__init__(self, identifier, version, issue_instant,
AbstractRequest.__init__(self, id, version, issue_instant,
destination, consent, issuer, signature,
extensions, text, extension_elements,
extension_attributes)
@@ -357,17 +357,17 @@ class SubjectQuery(AbstractRequest):
c_namespace = SAMLP_NAMESPACE
c_children = AbstractRequest.c_children.copy()
c_attributes = AbstractRequest.c_attributes.copy()
c_children['{%s}Subject' % saml.SAML_NAMESPACE] = (
c_children['{%s}Subject' % saml.NAMESPACE] = (
'subject', saml.Subject)
def __init__(self, identifier=None, version=None, issue_instant=None,
def __init__(self, id=None, version=None, issue_instant=None,
destination=None, consent=None, issuer=None, signature=None,
extensions=None, subject=None,
text=None, extension_elements=None,
extension_attributes=None):
"""Constructor for SubjectQuery
:param identifier: ID attribute
:param id: ID attribute
:param version: Version attribute
:param issue_instant: IssueInstant attribute
:param destination: Destination attribute
@@ -382,7 +382,7 @@ class SubjectQuery(AbstractRequest):
string pairs
"""
AbstractRequest.__init__(self, identifier, version, issue_instant,
AbstractRequest.__init__(self, id, version, issue_instant,
destination, consent, issuer, signature,
extensions, text, extension_elements,
extension_attributes)
@@ -421,14 +421,14 @@ class AuthnQuery(SubjectQuery):
c_attributes = SubjectQuery.c_attributes.copy()
c_attributes['SessionIndex'] = 'session_index'
def __init__(self, identifier=None, version=None, issue_instant=None,
def __init__(self, id=None, version=None, issue_instant=None,
destination=None, consent=None, issuer=None, signature=None,
extensions=None, subject=None,
text=None, extension_elements=None,
extension_attributes=None):
"""Constructor for SubjectQuery
:param identifier: ID attribute
:param id: ID attribute
:param version: Version attribute
:param issue_instant: IssueInstant attribute
:param destination: Destination attribute
@@ -443,7 +443,7 @@ class AuthnQuery(SubjectQuery):
string pairs
"""
SubjectQuery.__init__(self, identifier, version, issue_instant,
SubjectQuery.__init__(self, id, version, issue_instant,
destination, consent, issuer, signature,
extensions, text, extension_elements,
extension_attributes)
@@ -466,9 +466,9 @@ class RequestedAuthnContext(SamlBase):
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
c_attributes['Comparison'] = 'comparison'
c_children['{%s}AuthnContextClassRef' % saml.SAML_NAMESPACE] = (
c_children['{%s}AuthnContextClassRef' % saml.NAMESPACE] = (
'authn_context_class_ref', [saml.AuthnContextClassRef])
c_children['{%s}AuthnContextDeclRef' % saml.SAML_NAMESPACE] = (
c_children['{%s}AuthnContextDeclRef' % saml.NAMESPACE] = (
'authn_context_decl_ref', [saml.AuthnContextDeclRef])
def __init__(self, comparison=None, authn_context_class_ref=None,
@@ -504,17 +504,17 @@ class AttributeQuery(SubjectQuery):
c_namespace = SAMLP_NAMESPACE
c_children = SubjectQuery.c_children.copy()
c_attributes = SubjectQuery.c_attributes.copy()
c_children['{%s}Attribute' % saml.SAML_NAMESPACE] = (
c_children['{%s}Attribute' % saml.NAMESPACE] = (
'attribute', saml.Attribute)
def __init__(self, identifier=None, version=None, issue_instant=None,
def __init__(self, id=None, version=None, issue_instant=None,
destination=None, consent=None, issuer=None, signature=None,
extensions=None, subject=None, attribute=None,
text=None, extension_elements=None,
extension_attributes=None):
"""Constructor for AttributeQuery
:param identifier: ID attribute
:param id: ID attribute
:param version: Version attribute
:param issue_instant: IssueInstant attribute
:param destination: Destination attribute
@@ -531,7 +531,7 @@ class AttributeQuery(SubjectQuery):
string pairs
"""
SubjectQuery.__init__(self, identifier, version, issue_instant,
SubjectQuery.__init__(self, id, version, issue_instant,
destination, consent, issuer, signature,
extensions, subject, text, extension_elements,
extension_attributes)
@@ -548,13 +548,13 @@ class Resource(SamlBase):
"""The saml:Resource element"""
c_tag = 'Resource'
c_namespace = saml.SAML_NAMESPACE
c_namespace = saml.NAMESPACE
c_children = SamlBase.c_children.copy()
c_attributes = SamlBase.c_attributes.copy()
def resource_from_string(xml_string):
""" Create Resource instance from an XML string """
return saml2.create_class_from_xml_string(Resource, xml_string)
return create_class_from_xml_string(Resource, xml_string)
# --------------------------------------------------------------------------
# 3.3.2.4 AuthzDecisionQuery
@@ -567,15 +567,15 @@ class AuthzDecisionQuery(SubjectQuery):
c_namespace = SAMLP_NAMESPACE
c_children = SubjectQuery.c_children.copy()
c_attributes = SubjectQuery.c_attributes.copy()
c_children['{%s}Resource' % saml.SAML_NAMESPACE] = (
c_children['{%s}Resource' % saml.NAMESPACE] = (
'resource', Resource)
c_children['{%s}Action' % saml.SAML_NAMESPACE] = (
c_children['{%s}Action' % saml.NAMESPACE] = (
'action', saml.Action)
c_children['{%s}Evidence' % saml.SAML_NAMESPACE] = (
c_children['{%s}Evidence' % saml.NAMESPACE] = (
'evidence', saml.Evidence)
c_child_order = ['action', 'evidence', 'resource']
def __init__(self, identifier=None, version=None, issue_instant=None,
def __init__(self, id=None, version=None, issue_instant=None,
destination=None, consent=None, issuer=None, signature=None,
extensions=None, subject=None, resource=None,
action=None, evidence=None,
@@ -583,7 +583,7 @@ class AuthzDecisionQuery(SubjectQuery):
extension_attributes=None):
"""Constructor for AuthzDecisionQuery
:param identifier: ID attribute
:param id: ID attribute
:param version: Version attribute
:param issue_instant: IssueInstant attribute
:param destination: Destination attribute
@@ -603,7 +603,7 @@ class AuthzDecisionQuery(SubjectQuery):
string pairs
"""
SubjectQuery.__init__(self, identifier, version, issue_instant,
SubjectQuery.__init__(self, id, version, issue_instant,
destination, consent, issuer, signature,
extensions, subject, text, extension_elements,
extension_attributes)
@@ -612,9 +612,9 @@ class AuthzDecisionQuery(SubjectQuery):
self.action = action or []
self.evidence = evidence
def attribute_query_from_string(xml_string):
""" Create AttributeQuery instance from an XML string """
return create_class_from_xml_string(AttributeQuery, xml_string)
def authz_decision_query_from_string(xml_string):
""" Create AuthzDecisionQuery instance from an XML string """
return create_class_from_xml_string(AuthzDecisionQuery, xml_string)
# ==========================================================================
# 3.3.3 Response
@@ -627,21 +627,21 @@ class Response(StatusResponse):
c_namespace = SAMLP_NAMESPACE
c_children = StatusResponse.c_children.copy()
c_attributes = StatusResponse.c_attributes.copy()
c_children['{%s}Assertion' % saml.SAML_NAMESPACE] = (
c_children['{%s}Assertion' % saml.NAMESPACE] = (
'assertion', [saml.Assertion])
c_children['{%s}EncryptedAssertion' % saml.SAML_NAMESPACE] = (
c_children['{%s}EncryptedAssertion' % saml.NAMESPACE] = (
'encrypted_assertion', [saml.EncryptedAssertion])
c_child_order = ['issuer', 'signature', 'extensions', 'status',
'assertion', 'encrypted_assertion']
def __init__(self, identifier=None, in_response_to=None, version=None,
def __init__(self, id=None, in_response_to=None, version=None,
issue_instant=None, destination=None, consent=None,
issuer=None, signature=None, extensions=None, status=None,
assertion=None, encrypted_assertion=None,
text=None, extension_elements=None, extension_attributes=None):
"""Constructor for Response
:param identifier: ID attribute
:param id: ID attribute
:param in_respones_to: InResponseTo attribute
:param version: Version attribute
:param issue_instant: IssueInstant attribute
@@ -657,7 +657,7 @@ class Response(StatusResponse):
:param extension_elements: A list of ExtensionElement instances
:param extension_attributes: A dictionary of attribute value string pairs
"""
StatusResponse.__init__(self, identifier, in_response_to,
StatusResponse.__init__(self, id, in_response_to,
version, issue_instant,
destination, consent,
issuer, signature,
@@ -864,10 +864,10 @@ class AuthnRequest(AbstractRequest):
c_attributes['AssertionConsumingServiceIndex'] = \
'assertion_consuming_service_index'
c_attributes['ProviderName'] = 'provider_name'
c_children['{%s}Subject' % saml.SAML_NAMESPACE] = ('subject', saml.Subject)
c_children['{%s}Subject' % saml.NAMESPACE] = ('subject', saml.Subject)
c_children['{%s}NameIDPolicy' % SAMLP_NAMESPACE] = (
'name_id_policy', NameIDPolicy)
c_children['{%s}Conditions' % saml.SAML_NAMESPACE] = (
c_children['{%s}Conditions' % saml.NAMESPACE] = (
'conditions', saml.Conditions)
c_children['{%s}RequestedAuthnContext' % SAMLP_NAMESPACE] = (
'requested_authn_context', RequestedAuthnContext)
@@ -876,7 +876,7 @@ class AuthnRequest(AbstractRequest):
'name_id_policy', 'conditions', 'requested_authn_context',
'scoping']
def __init__(self, identifier=None, version=None, issue_instant=None,
def __init__(self, id=None, version=None, issue_instant=None,
destination=None, consent=None, issuer=None, signature=None,
extensions=None, subject=None, name_id_policy=None,
conditions=None, requested_authn_context=None, scoping=None,
@@ -888,7 +888,7 @@ class AuthnRequest(AbstractRequest):
extension_elements=None, extension_attributes=None):
"""Constructor for AuthnRequest
:param identifier: ID attribute
:param id: ID attribute
:param version: Version attribute
:param issue_instant: IssueInstant attribute
:param destination: Destination attribute
@@ -916,7 +916,7 @@ class AuthnRequest(AbstractRequest):
:param extension_attributes: A dictionary of attribute value string
pairs
"""
AbstractRequest.__init__(self, identifier, version, issue_instant,
AbstractRequest.__init__(self, id, version, issue_instant,
destination, consent, issuer, signature,
extensions, text, extension_elements,
extension_attributes)
@@ -970,7 +970,7 @@ def terminate_from_string(xml_string):
class ManageNameIDRequest(AbstractRequest):
"""The samlp:NameIDMappingRequest element
To request an alternate name identifier for a principal from an identity
To request an alternate name id for a principal from an identity
provider, a requester sends an NameIDMappingRequest message
"""
@@ -979,25 +979,31 @@ class ManageNameIDRequest(AbstractRequest):
c_children = AbstractRequest.c_children.copy()
c_attributes = AbstractRequest.c_attributes.copy()
c_attributes["NewID"] = "new_id"
c_children['{%s}NameID' % saml.SAML_NAMESPACE] = ('name_id', saml.NameID)
c_children['{%s}EncryptedID' % saml.SAML_NAMESPACE] = (
c_children['{%s}NameID' % saml.NAMESPACE] = ('name_id', saml.NameID)
c_children['{%s}EncryptedID' % saml.NAMESPACE] = (
'encrypted_id', saml.EncryptedID)
c_children['{%s}NewEncryptedID' % saml.SAML_NAMESPACE] = (
c_children['{%s}NewEncryptedID' % saml.NAMESPACE] = (
'new_encrypted_id', saml.EncryptedID)
c_children['{%s}Terminate' % SAMLP_NAMESPACE] = (
'terminate', Terminate)
c_child_order = ['name_id', 'encrypted_id',
'new_id', 'new_encrypted_id', 'terminate']
def __init__(self, identifier=None, version=None, issue_instant=None,
def __init__(self, new_id=None, name_id=None, encrypted_id=None,
new_encrypted_id=None, terminate=None,
id=None, version=None, issue_instant=None,
destination=None, consent=None, issuer=None, signature=None,
extensions=None,
base_id=None, name_id=None, encrypted_id=None,
name_id_policy=None, text=None,
extensions=None, name_id_policy=None, text=None,
extension_elements=None, extension_attributes=None):
"""Constructor for ManageNameIDRequest
:param identifier: ID attribute
:param new_id: The new id value
:param name_id: NameID element
:param encrypted_id: EncryptedID element
:param new_encrypted_id:
:param terminate:
:param id: ID attribute
:param version: Version attribute
:param issue_instant: IssueInstant attribute
:param destination: Destination attribute
@@ -1005,25 +1011,19 @@ class ManageNameIDRequest(AbstractRequest):
:param issuer: Issuer element
:param signature: Signature element
:param extensions: Extensions element
:param name_id: NameID element
:param encrypted_id: EncryptedID element
:param new_id: The new identifier value
:param new_encrypted_id:
:param terminate:
:param text: The text data in the this element
:param extension_elements: A list of ExtensionElement instances
:param extension_attributes: A dictionary of attribute value string pairs
"""
AbstractRequest.__init__(self, identifier, version, issue_instant,
AbstractRequest.__init__(self, id, version, issue_instant,
destination, consent, issuer, signature,
extensions, text, extension_elements,
extension_attributes)
self.not_on_or_after = not_on_or_after
self.reason = reason
self.base_id = base_id
self.new_id = new_id
self.name_id = name_id
self.encrypted_id = encrypted_id
self.session_index = session_index
self.new_encrypted_id = new_encrypted_id
self.terminate = terminate
def manage_name_id_request_from_string(xml_string):
""" Create ManageNameIDRequest instance from an XML string """
@@ -1060,16 +1060,16 @@ class LogoutRequest(AbstractRequest):
c_attributes = AbstractRequest.c_attributes.copy()
c_attributes['NotOnOrAfter'] = 'not_on_or_after'
c_attributes['Reason'] = 'reason'
c_children['{%s}BaseID' % saml.SAML_NAMESPACE] = ('base_id', saml.BaseID)
c_children['{%s}NameID' % saml.SAML_NAMESPACE] = ('name_id', saml.NameID)
c_children['{%s}EncryptedID' % saml.SAML_NAMESPACE] = (
c_children['{%s}BaseID' % saml.NAMESPACE] = ('base_id', saml.BaseID)
c_children['{%s}NameID' % saml.NAMESPACE] = ('name_id', saml.NameID)
c_children['{%s}EncryptedID' % saml.NAMESPACE] = (
'encrypted_id', saml.EncryptedID)
c_children['{%s}SessionIndex' % SAMLP_NAMESPACE] = (
'session_index', SessionIndex)
c_child_order = ['issuer', 'signature', 'extensions', 'base_id',
'name_id', 'encrypted_id', 'session_index']
def __init__(self, identifier=None, version=None, issue_instant=None,
def __init__(self, id=None, version=None, issue_instant=None,
destination=None, consent=None, issuer=None, signature=None,
extensions=None, not_on_or_after=None, reason=None,
base_id=None, name_id=None, encrypted_id=None,
@@ -1077,7 +1077,7 @@ class LogoutRequest(AbstractRequest):
extension_elements=None, extension_attributes=None):
"""Constructor for LogoutRequest
:param identifier: ID attribute
:param id: ID attribute
:param version: Version attribute
:param issue_instant: IssueInstant attribute
:param destination: Destination attribute
@@ -1095,7 +1095,7 @@ class LogoutRequest(AbstractRequest):
:param extension_elements: A list of ExtensionElement instances
:param extension_attributes: A dictionary of attribute value string pairs
"""
AbstractRequest.__init__(self, identifier, version, issue_instant,
AbstractRequest.__init__(self, id, version, issue_instant,
destination, consent, issuer, signature,
extensions, text, extension_elements,
extension_attributes)
@@ -1133,7 +1133,7 @@ def logout_response_from_string(xml_string):
class NameIDMappingRequest(AbstractRequest):
"""The samlp:NameIDMappingRequest element
To request an alternate name identifier for a principal from an identity
To request an alternate name id for a principal from an identity
provider, a requester sends an NameIDMappingRequest message
"""
@@ -1141,23 +1141,29 @@ class NameIDMappingRequest(AbstractRequest):
c_namespace = SAMLP_NAMESPACE
c_children = AbstractRequest.c_children.copy()
c_attributes = AbstractRequest.c_attributes.copy()
c_children['{%s}BaseID' % saml.SAML_NAMESPACE] = ('base_id', saml.BaseID)
c_children['{%s}NameID' % saml.SAML_NAMESPACE] = ('name_id', saml.NameID)
c_children['{%s}EncryptedID' % saml.SAML_NAMESPACE] = (
c_children['{%s}BaseID' % saml.NAMESPACE] = ('base_id', saml.BaseID)
c_children['{%s}NameID' % saml.NAMESPACE] = ('name_id', saml.NameID)
c_children['{%s}EncryptedID' % saml.NAMESPACE] = (
'encrypted_id', saml.EncryptedID)
c_children['{%s}NameIDPolicy' % SAMLP_NAMESPACE] = (
'name_id_policy', NameIDPolicy)
c_child_order = ['base_id', 'name_id', 'encrypted_id', 'name_id_policy']
def __init__(self, identifier=None, version=None, issue_instant=None,
def __init__(self, base_id=None, name_id=None, encrypted_id=None,
name_id_policy=None,
id=None, version=None, issue_instant=None,
destination=None, consent=None, issuer=None, signature=None,
extensions=None,
base_id=None, name_id=None, encrypted_id=None,
name_id_policy=None, text=None,
text=None,
extension_elements=None, extension_attributes=None):
"""Constructor for LogoutRequest
:param identifier: ID attribute
:param base_id: BaseID element
:param name_id: NameID element
:param encrypted_id: EncryptedID element
:param name_id_policy: The requirements regarding the format and
optional name qualifier for the id to be returned.
:param id: ID attribute
:param version: Version attribute
:param issue_instant: IssueInstant attribute
:param destination: Destination attribute
@@ -1165,25 +1171,18 @@ class NameIDMappingRequest(AbstractRequest):
:param issuer: Issuer element
:param signature: Signature element
:param extensions: Extensions element
:param base_id: BaseID element
:param name_id: NameID element
:param encrypted_id: EncryptedID element
:param name_id_policy: The requirements regarding the format and
optional name qualifier for the identifier to be returned.
:param text: The text data in the this element
:param extension_elements: A list of ExtensionElement instances
:param extension_attributes: A dictionary of attribute value string pairs
"""
AbstractRequest.__init__(self, identifier, version, issue_instant,
AbstractRequest.__init__(self, id, version, issue_instant,
destination, consent, issuer, signature,
extensions, text, extension_elements,
extension_attributes)
self.not_on_or_after = not_on_or_after
self.reason = reason
self.base_id = base_id
self.name_id = name_id
self.encrypted_id = encrypted_id
self.session_index = session_index
self.name_id_policy = name_id_policy
def name_id_mapping_request_from_string(xml_string):
""" Create NameIDMappingRequest instance from an XML string """
@@ -1201,21 +1200,24 @@ class NameIDMappingResponse(StatusResponse):
c_namespace = SAMLP_NAMESPACE
c_children = StatusResponse.c_children.copy()
c_attributes = StatusResponse.c_attributes.copy()
c_children['{%s}NameID' % saml.SAML_NAMESPACE] = (
c_children['{%s}NameID' % saml.NAMESPACE] = (
'name_id', saml.NameID)
c_children['{%s}EncryptedID' % saml.SAML_NAMESPACE] = (
c_children['{%s}EncryptedID' % saml.NAMESPACE] = (
'encrypted_id', saml.EncryptedID)
c_child_order = ['name_id', 'encrypted_id']
def __init__(self, identifier=None, in_response_to=None,
def __init__(self, name_id=None, encrypted_id=None,
id=None, in_response_to=None,
version=None, issue_instant=None,
destination=None, consent=None, issuer=None, signature=None,
extensions=None, status=None,
base_id=None, name_id=None, text=None,
text=None,
extension_elements=None, extension_attributes=None):
"""Constructor for NameIDMappingResponse
:param identifier: ID attribute
:param name_id: The id
:param encrypted_id: associated descriptive data
:param id: ID attribute
:param in_respones_to: InResponseTo attribute
:param version: Version attribute
:param issue_instant: IssueInstant attribute
@@ -1225,22 +1227,18 @@ class NameIDMappingResponse(StatusResponse):
:param signature: Signature element
:param extensions: Extensions element
:param status: Status element
:param base_id: associated descriptive data
:param name_id: The identifier
:param text: The text data in the this element
:param extension_elements: A list of ExtensionElement instances
:param extension_attributes: A dictionary of attribute value
string pairs
"""
StatusResponse.__init__(self, identifier, in_response_to,
StatusResponse.__init__(self, id, in_response_to,
version, issue_instant, destination, consent,
issuer, signature, extensions, status,
text, extension_elements, extension_attributes)
self.not_on_or_after = not_on_or_after
self.reason = reason
self.base_id = base_id
self.name_id = name_id
self.encrypted_id = encrypted_id
def name_id_mapping_response_from_string(xml_string):
""" Create NameIDMappingResponse instance from an XML string """


@@ -4,6 +4,7 @@ from saml2 import samlp
from tempfile import NamedTemporaryFile
from subprocess import Popen, PIPE
import base64
import random
XMLSEC_BINARY = "/usr/local/bin/xmlsec1"
ID_ATTR = "ID"
@@ -96,7 +97,8 @@ def correctly_signed_response(decoded_xml):
if _TEST_:
print " ".join(com_list)
verified = _parse_popen_output(Popen(com_list, stderr=PIPE).communicate()[1])
verified = _parse_popen_output(Popen(com_list,
stderr=PIPE).communicate()[1])
if _TEST_:
print "Verify result: '%s'" % (verified,)
@@ -114,8 +116,8 @@ def sign_using_xmlsec(statement, sign_key):
"""xmlsec1 --sign --privkey-pem test.key --id-attr:ID
urn:oasis:names:tc:SAML:2.0:assertion:Assertion saml_response.xml"""
fil_p, fil = make_temp("%s" % statement, decode=False)
pem_file_pointer, pem_file = make_temp("%s" % sign_key, ".pem")
_, fil = make_temp("%s" % statement, decode=False)
_, pem_file = make_temp("%s" % sign_key, ".pem")
com_list = [XMLSEC_BINARY, "--sign",
"--privkey-cert-pem", pem_file, "--id-attr:%s" % ID_ATTR,

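Review bot: Binding both temp-file handles to `_` in sign_using_xmlsec drops the only reference to the first handle as soon as the second make_temp call returns. make_temp is not shown here, but the module imports NamedTemporaryFile; if the first element it returns is that file object, CPython will close and delete the statement file before xmlsec1 runs, and signing would fail on a missing path. Keep two distinct names that stay referenced until the subprocess has finished, e.g. `_stmt_tmp, fil = make_temp("%s" % statement, decode=False)` and `_key_tmp, pem_file = make_temp("%s" % sign_key, ".pem")`. The second file holds the private signing key, so it is also worth a comment stating when that file is removed. The function body continues outside the hunk.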

@@ -34,8 +34,8 @@ except ImportError:
import saml2
from saml2 import create_class_from_xml_string
DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'
DS_TEMPLATE = '{http://www.w3.org/2000/09/xmldsig#}%s'
NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'
TEMPLATE = '{http://www.w3.org/2000/09/xmldsig#}%s'
ENCODING_BASE64 = 'http://www.w3.org/2000/09/xmldsig#base64'
DIGEST_SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1'
@@ -62,7 +62,7 @@ class Object(DsBase):
"""The ds:Object element"""
c_tag = 'Object'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_attributes['Id'] = 'identifier'
@@ -95,7 +95,7 @@ class MgmtData(DsBase):
"""The ds:MgmtData element"""
c_tag = 'MgmtData'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -108,7 +108,7 @@ class SPKISexp(DsBase):
"""The ds:SPKISexp element"""
c_tag = 'SPKISexp'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -121,10 +121,10 @@ class SPKIData(DsBase):
"""The ds:SPKIData element"""
c_tag = 'SPKIData'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_children['{%s}SPKISexp' % DS_NAMESPACE] = ('spki_sexp', [SPKISexp])
c_children['{%s}SPKISexp' % NAMESPACE] = ('spki_sexp', [SPKISexp])
def __init__(self, spki_sexp=None, text=None,
extension_elements=None, extension_attributes=None):
@@ -149,7 +149,7 @@ class PGPKeyID(DsBase):
"""The ds:PGPKeyID element"""
c_tag = 'PGPKeyID'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -162,7 +162,7 @@ class PGPKeyPacket(DsBase):
"""The ds:PGPKeyPacket element"""
c_tag = 'PGPKeyPacket'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -175,11 +175,11 @@ class PGPData(DsBase):
"""The ds:PGPData element"""
c_tag = 'PGPData'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_children['{%s}PGPKeyID' % DS_NAMESPACE] = ('pgp_key_id', PGPKeyID)
c_children['{%s}PGPKeyPacket' % DS_NAMESPACE] = (
c_children['{%s}PGPKeyID' % NAMESPACE] = ('pgp_key_id', PGPKeyID)
c_children['{%s}PGPKeyPacket' % NAMESPACE] = (
'pgp_key_packet', PGPKeyPacket)
c_child_order = ['pgp_key_id', 'pgp_key_packet']
@@ -208,7 +208,7 @@ class X509IssuerName(DsBase):
"""The ds:X509IssuerName element"""
c_tag = 'X509IssuerName'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -221,7 +221,7 @@ class X509IssuerNumber(DsBase):
"""The ds:X509IssuerNumber element"""
c_tag = 'X509IssuerNumber'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -234,12 +234,12 @@ class X509IssuerSerial(DsBase):
"""The ds:X509IssuerSerial element"""
c_tag = 'X509IssuerSerial'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_children['{%s}X509IssuerName' % DS_NAMESPACE] = (
c_children['{%s}X509IssuerName' % NAMESPACE] = (
'x509_issuer_name', X509IssuerName)
c_children['{%s}X509IssuerNumber' % DS_NAMESPACE] = (
c_children['{%s}X509IssuerNumber' % NAMESPACE] = (
'x509_issuer_number', X509IssuerNumber)
c_child_order = ['x509_issuer_name', 'x509_issuer_number']
@@ -269,7 +269,7 @@ class X509SKI(DsBase):
"""The ds:X509SKI element"""
c_tag = 'X509SKI'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -282,7 +282,7 @@ class X509SubjectName(DsBase):
"""The ds:X509SubjectName element"""
c_tag = 'X509SubjectName'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -295,7 +295,7 @@ class X509Certificate(DsBase):
"""The ds:X509Certificate element"""
c_tag = 'X509Certificate'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -308,7 +308,7 @@ class X509CRL(DsBase):
"""The ds:X509CRL element"""
c_tag = 'X509CRL'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -321,17 +321,17 @@ class X509Data(DsBase):
"""The ds:X509Data element"""
c_tag = 'X509Data'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_children['{%s}X509IssuerSerial' % DS_NAMESPACE] = (
c_children['{%s}X509IssuerSerial' % NAMESPACE] = (
'x509_issuer_serial', [X509IssuerSerial])
c_children['{%s}X509SKI' % DS_NAMESPACE] = ('x509_ski', [X509SKI])
c_children['{%s}X509SubjectName' % DS_NAMESPACE] = (
c_children['{%s}X509SKI' % NAMESPACE] = ('x509_ski', [X509SKI])
c_children['{%s}X509SubjectName' % NAMESPACE] = (
'x509_subject_name', [X509SubjectName])
c_children['{%s}X509Certificate' % DS_NAMESPACE] = (
c_children['{%s}X509Certificate' % NAMESPACE] = (
'x509_certificate', [X509Certificate])
c_children['{%s}X509CRL' % DS_NAMESPACE] = ('x509_crl', [X509CRL])
c_children['{%s}X509CRL' % NAMESPACE] = ('x509_crl', [X509CRL])
c_child_order = ['x509_issuer_serial', 'x509_ski', 'x509_subject_name',
'x509_certificate', 'x509_crl']
@@ -368,11 +368,11 @@ class XPath(DsBase):
"""The ds:XPath element"""
c_tag = 'XPath'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
def x_path_from_string(xml_string):
def xpath_from_string(xml_string):
""" Create XPath instance from an XML string """
return create_class_from_xml_string(XPath, xml_string)
@@ -381,11 +381,11 @@ class Transform(DsBase):
"""The ds:Transform element"""
c_tag = 'Transform'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_attributes['Algorithm'] = 'algorithm'
c_children['{%s}XPath' % DS_NAMESPACE] = ('xpath', [XPath])
c_children['{%s}XPath' % NAMESPACE] = ('xpath', [XPath])
def __init__(self, xpath=None, algorithm=None, text=None,
extension_elements=None, extension_attributes=None):
@@ -411,10 +411,10 @@ class Transforms(DsBase):
"""The ds:Transforms element"""
c_tag = 'Transforms'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_children['{%s}Transform' % DS_NAMESPACE] = ('transform', [Transform])
c_children['{%s}Transform' % NAMESPACE] = ('transform', [Transform])
def __init__(self, transform=None, text=None,
extension_elements=None, extension_attributes=None):
@@ -438,12 +438,12 @@ class RetrievalMethod(DsBase):
"""The ds:RetrievalMethod element"""
c_tag = 'RetrievalMethod'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_attributes['URI'] = 'uri'
c_attributes['Type'] = 'type'
c_children['{%s}Transforms' % DS_NAMESPACE] = ('transforms', [Transforms])
c_children['{%s}Transforms' % NAMESPACE] = ('transforms', [Transforms])
def __init__(self, transforms=None, uri=None, typ=None, text=None,
extension_elements=None, extension_attributes=None):
@@ -471,7 +471,7 @@ class Modulus(DsBase):
"""The ds:Modulus element"""
c_tag = 'Modulus'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -484,7 +484,7 @@ class Exponent(DsBase):
"""The ds:Exponent element"""
c_tag = 'Exponent'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -497,11 +497,11 @@ class RSAKeyValue(DsBase):
"""The ds:RSAKeyValue element"""
c_tag = 'RSAKeyValue'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_children['{%s}Modulus' % DS_NAMESPACE] = ('modulus', Modulus)
c_children['{%s}Exponent' % DS_NAMESPACE] = ('exponent', Exponent)
c_children['{%s}Modulus' % NAMESPACE] = ('modulus', Modulus)
c_children['{%s}Exponent' % NAMESPACE] = ('exponent', Exponent)
c_child_order = ['modulus', 'exponent']
def __init__(self, modulus=None, exponent=None, text=None,
@@ -528,7 +528,7 @@ class DsP(DsBase):
"""The ds:P element"""
c_tag = 'P'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -541,7 +541,7 @@ class DsQ(DsBase):
"""The ds:Q element"""
c_tag = 'Q'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -554,7 +554,7 @@ class DsG(DsBase):
"""The ds:G element"""
c_tag = 'G'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -567,7 +567,7 @@ class DsY(DsBase):
"""The ds:Y element"""
c_tag = 'Y'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -580,7 +580,7 @@ class DsJ(DsBase):
"""The ds:J element"""
c_tag = 'J'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -593,7 +593,7 @@ class Seed(DsBase):
"""The ds:Seed element"""
c_tag = 'Seed'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -606,7 +606,7 @@ class PgenCounter(DsBase):
"""The ds:PgenCounter element"""
c_tag = 'PgenCounter'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -619,16 +619,16 @@ class DSAKeyValue(DsBase):
"""The ds:DSAKeyValue element"""
c_tag = 'DSAKeyValue'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_children['{%s}P' % DS_NAMESPACE] = ('p', DsP)
c_children['{%s}Q' % DS_NAMESPACE] = ('q', DsQ)
c_children['{%s}G' % DS_NAMESPACE] = ('g', DsG)
c_children['{%s}Y' % DS_NAMESPACE] = ('y', DsY)
c_children['{%s}J' % DS_NAMESPACE] = ('j', DsJ)
c_children['{%s}Seed' % DS_NAMESPACE] = ('seed', Seed)
c_children['{%s}PgenCounter' % DS_NAMESPACE] = ('pgen_counter', PgenCounter)
c_children['{%s}P' % NAMESPACE] = ('p', DsP)
c_children['{%s}Q' % NAMESPACE] = ('q', DsQ)
c_children['{%s}G' % NAMESPACE] = ('g', DsG)
c_children['{%s}Y' % NAMESPACE] = ('y', DsY)
c_children['{%s}J' % NAMESPACE] = ('j', DsJ)
c_children['{%s}Seed' % NAMESPACE] = ('seed', Seed)
c_children['{%s}PgenCounter' % NAMESPACE] = ('pgen_counter', PgenCounter)
c_child_order = ['p', 'q', 'g', 'y', 'j', 'seed', 'pgen_counter']
@@ -667,12 +667,12 @@ class KeyValue(DsBase):
"""The ds:KeyValue element"""
c_tag = 'KeyValue'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_children['{%s}RSAKeyValue' % DS_NAMESPACE] = ('rsa_key_value',
c_children['{%s}RSAKeyValue' % NAMESPACE] = ('rsa_key_value',
RSAKeyValue)
c_children['{%s}DSAKeyValue' % DS_NAMESPACE] = ('dsa_key_value',
c_children['{%s}DSAKeyValue' % NAMESPACE] = ('dsa_key_value',
DSAKeyValue)
c_child_order = ['rsa_key_value', 'dsa_key_value']
@@ -701,7 +701,7 @@ class KeyName(DsBase):
"""The ds:KeyName element"""
c_tag = 'KeyName'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -714,18 +714,18 @@ class KeyInfo(DsBase):
"""The ds:KeyInfo element"""
c_tag = 'KeyInfo'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_attributes['Id'] = "identifier"
c_children['{%s}KeyName' % DS_NAMESPACE] = ('key_name', [KeyName])
c_children['{%s}KeyValue' % DS_NAMESPACE] = ('key_value', [KeyValue])
c_children['{%s}RetrievalMethod' % DS_NAMESPACE] = (
c_children['{%s}KeyName' % NAMESPACE] = ('key_name', [KeyName])
c_children['{%s}KeyValue' % NAMESPACE] = ('key_value', [KeyValue])
c_children['{%s}RetrievalMethod' % NAMESPACE] = (
'retrieval_method', [RetrievalMethod])
c_children['{%s}X509Data' % DS_NAMESPACE] = ('x509_data', [X509Data])
c_children['{%s}PGPData' % DS_NAMESPACE] = ('pgp_data', [PGPData])
c_children['{%s}SPKIData' % DS_NAMESPACE] = ('spki_data', [SPKIData])
c_children['{%s}MgmtData' % DS_NAMESPACE] = ('mgmt_data', [MgmtData])
c_children['{%s}X509Data' % NAMESPACE] = ('x509_data', [X509Data])
c_children['{%s}PGPData' % NAMESPACE] = ('pgp_data', [PGPData])
c_children['{%s}SPKIData' % NAMESPACE] = ('spki_data', [SPKIData])
c_children['{%s}MgmtData' % NAMESPACE] = ('mgmt_data', [MgmtData])
c_child_order = ['key_name', 'key_value', 'retrieval_method', 'x509_data',
'pgp_data', 'spki_data', 'mgmt_data']
@@ -768,7 +768,7 @@ class DigestValue(DsBase):
"""The ds:DigestValue element"""
c_tag = 'DigestValue'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -781,7 +781,7 @@ class DigestMethod(DsBase):
"""The ds:DigestMethod element"""
c_tag = 'DigestMethod'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_attributes['Algorithm'] = "algorithm"
@@ -808,16 +808,16 @@ class Reference(DsBase):
"""The ds:Reference element"""
c_tag = 'Reference'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_attributes['Id'] = "identifier"
c_attributes['URI'] = "uri"
c_attributes['Type'] = "type"
c_children['{%s}Transforms' % DS_NAMESPACE] = ('transforms', [Transforms])
c_children['{%s}DigestMethod' % DS_NAMESPACE] = (
c_children['{%s}Transforms' % NAMESPACE] = ('transforms', [Transforms])
c_children['{%s}DigestMethod' % NAMESPACE] = (
'digest_method', [DigestMethod])
c_children['{%s}DigestValue' % DS_NAMESPACE] = ('digest_value',
c_children['{%s}DigestValue' % NAMESPACE] = ('digest_value',
[DigestValue])
c_child_order = ['transforms', 'digest_method', 'digest_value']
@@ -855,7 +855,7 @@ class HMACOutputLength(DsBase):
"""The ds:HMACOutputLength element"""
c_tag = 'HMACOutputLength'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
@@ -868,11 +868,11 @@ class SignatureMethod(DsBase):
"""The ds:SignatureMethod element"""
c_tag = 'SignatureMethod'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_attributes['Algorithm'] = "algorithm"
c_children['{%s}HMACOutputLength' % DS_NAMESPACE] = (
c_children['{%s}HMACOutputLength' % NAMESPACE] = (
'hmac_output_length', HMACOutputLength)
def __init__(self, algorithm=None, hmac_output_length=None, text=None,
@@ -899,7 +899,7 @@ class CanonicalizationMethod(DsBase):
"""The ds:CanonicalizationMethod element"""
c_tag = 'CanonicalizationMethod'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_attributes['Algorithm'] = "algorithm"
@@ -926,15 +926,15 @@ class SignedInfo(DsBase):
"""The ds:SignedInfo element"""
c_tag = 'SignedInfo'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_attributes['Id'] = "identifier"
c_children['{%s}CanonicalizationMethod' % DS_NAMESPACE] = (
c_children['{%s}CanonicalizationMethod' % NAMESPACE] = (
'canonicalization_method', CanonicalizationMethod)
c_children['{%s}SignatureMethod' % DS_NAMESPACE] = (
c_children['{%s}SignatureMethod' % NAMESPACE] = (
'signature_method', SignatureMethod)
c_children['{%s}Reference' % DS_NAMESPACE] = ('reference', [Reference])
c_children['{%s}Reference' % NAMESPACE] = ('reference', [Reference])
c_child_order = ['canonicalization_method', 'signature_method',
'reference']
@@ -967,7 +967,7 @@ class SignatureValue(DsBase):
"""The ds:SignatureValue element"""
c_tag = 'SignatureValue'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_attributes['Id'] = "identifier"
@@ -995,15 +995,15 @@ class Signature(DsBase):
"""The ds:Signature element"""
c_tag = 'Signature'
c_namespace = DS_NAMESPACE
c_namespace = NAMESPACE
c_children = DsBase.c_children.copy()
c_attributes = DsBase.c_attributes.copy()
c_attributes['Id'] = "identifier"
c_children['{%s}SignedInfo' % DS_NAMESPACE] = ('signed_info', SignedInfo)
c_children['{%s}SignatureValue' % DS_NAMESPACE] = (
c_children['{%s}SignedInfo' % NAMESPACE] = ('signed_info', SignedInfo)
c_children['{%s}SignatureValue' % NAMESPACE] = (
'signature_value', SignatureValue)
c_children['{%s}KeyInfo' % DS_NAMESPACE] = ('key_info', KeyInfo)
c_children['{%s}Object' % DS_NAMESPACE] = ('object', [Object])
c_children['{%s}KeyInfo' % NAMESPACE] = ('key_info', KeyInfo)
c_children['{%s}Object' % NAMESPACE] = ('object', [Object])
c_child_order = ["signed_info", "signature_value", "key_info", "object"]
def __init__(self, identifier=None, signed_info=None, signature_value=None,
@@ -1056,3 +1056,48 @@ def get_empty_signature(canonicalization_method_algorithm=C14N_WITH_C,
key_info=KeyInfo(key_value=KeyValue()))
return signature
ELEMENT_FROM_STRING = {
Object.c_tag: object_from_string,
MgmtData.c_tag: mgmt_data_from_string,
SPKISexp.c_tag: spki_sexp_from_string,
SPKIData.c_tag: spki_data_from_string,
PGPKeyID.c_tag: pgp_key_id_from_string,
PGPKeyPacket.c_tag: pgp_key_packet_from_string,
PGPData.c_tag: pgp_data_from_string,
X509IssuerName.c_tag: x509_issuer_name_from_string,
X509IssuerNumber.c_tag: x509_issuer_number_from_string,
X509IssuerSerial.c_tag: x509_issuer_serial_from_string,
X509SKI.c_tag: x509_ski_from_string,
X509SubjectName.c_tag: x509_subject_name_from_string,
X509Certificate.c_tag: x509_certificate_from_string,
X509CRL.c_tag: x509_crl_from_string,
X509Data.c_tag: x509_data_from_string,
XPath.c_tag: xpath_from_string,
Transform.c_tag: transform_from_string,
Transforms.c_tag: transforms_from_string,
RetrievalMethod.c_tag: retrieval_method_from_string,
Modulus.c_tag: modulus_from_string,
Exponent.c_tag: exponent_from_string,
RSAKeyValue.c_tag: rsa_key_value_from_string,
DsP.c_tag: p_from_string,
DsQ.c_tag: q_from_string,
DsG.c_tag: g_from_string,
DsY.c_tag: y_from_string,
DsJ.c_tag: j_from_string,
Seed.c_tag: seed_from_string,
PgenCounter.c_tag: pgen_counter_from_string,
DSAKeyValue.c_tag: dsa_key_value_from_string,
KeyValue.c_tag: key_value_from_string,
KeyName.c_tag: key_name_from_string,
KeyInfo.c_tag: key_info_from_string,
DigestValue.c_tag: digest_value_from_string,
DigestMethod.c_tag: digest_method_from_string,
Reference.c_tag: reference_from_string,
HMACOutputLength.c_tag: hmac_output_length_from_string,
SignatureMethod.c_tag: signature_method_from_string,
CanonicalizationMethod.c_tag: canonicalization_method_from_string,
SignedInfo.c_tag: signed_info_from_string,
SignatureValue.c_tag: signature_value_from_string,
Signature.c_tag: signature_from_string,
}
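Review bot: ELEMENT_FROM_STRING is keyed by the bare `c_tag`, so a hit in this table says nothing about the element's namespace, and the dict has no comment saying so. It is presumably meant for the `extension_element_to_element` helper added in this commit, which only dispatches when the caller passes a matching `namespace`. Suggested comment above the dict: `# local tag name -> parser; use only after checking the element's namespace equals NAMESPACE`. Without that check, an element from another namespace that happens to be named `Signature` or `KeyInfo` would be parsed as a ds: element.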


@@ -37,8 +37,8 @@ from saml2 import create_class_from_xml_string
import xmldsig as ds
ENC_NAMESPACE = 'http://www.w3.org/2001/04/xmlenc#'
ENC_TEMPLATE = '{http://www.w3.org/2001/04/xmlenc#}%s'
NAMESPACE = 'http://www.w3.org/2001/04/xmlenc#'
#TEMPLATE = '{http://www.w3.org/2001/04/xmlenc#}%s'
class EncBase(saml2.SamlBase):
"""The enc:EncBase element"""
@@ -53,7 +53,7 @@ class EncBase(saml2.SamlBase):
class KeySize(EncBase):
c_tag = 'KeySize'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = EncBase.c_children.copy()
c_attributes = EncBase.c_attributes.copy()
@@ -68,7 +68,7 @@ def key_size_from_string(xml_string):
class OAEPparams(EncBase):
c_tag = 'OAEPparams'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = EncBase.c_children.copy()
c_attributes = EncBase.c_attributes.copy()
@@ -84,13 +84,13 @@ class EncryptionMethod(EncBase):
"""The enc:EncryptionMethod element"""
c_tag = 'EncryptionMethod'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = EncBase.c_children.copy()
c_attributes = EncBase.c_attributes.copy()
c_attributes['Algorithm'] = 'algorithm'
c_children['{%s}KeySize' % ENC_NAMESPACE] = (
c_children['{%s}KeySize' % NAMESPACE] = (
'key_size', [KeySize])
c_children['{%s}OAEPparams' % ENC_NAMESPACE] = (
c_children['{%s}OAEPparams' % NAMESPACE] = (
'oaep_params', [OAEPparams])
def __init__(self, algorithm=None, key_size=None, oaep_params=None,
@@ -122,7 +122,7 @@ def encryption_method_from_string(xml_string):
class CipherValue(EncBase):
c_tag = 'CipherValue'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = EncBase.c_children.copy()
c_attributes = EncBase.c_attributes.copy()
@@ -139,10 +139,10 @@ def cipher_value_from_string(xml_string):
class Transforms(EncBase):
c_tag = 'Transforms'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = EncBase.c_children.copy()
c_attributes = EncBase.c_attributes.copy()
c_children['{%s}Transform' % ds.DS_NAMESPACE] = (
c_children['{%s}Transform' % ds.NAMESPACE] = (
'transform', [ds.Transform])
def __init__(self, transform=None,
@@ -170,11 +170,11 @@ def transforms_from_string(xml_string):
class CipherReference(EncBase):
c_tag = 'CipherReference'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = EncBase.c_children.copy()
c_attributes = EncBase.c_attributes.copy()
c_attributes['URI'] = 'uri'
c_children['{%s}Transforms' % ENC_NAMESPACE] = (
c_children['{%s}Transforms' % NAMESPACE] = (
'transforms', [Transforms])
def __init__(self, uri=None, transforms=None,
@@ -205,12 +205,12 @@ class CipherData(EncBase):
"""The enc:CipherData element"""
c_tag = 'CipherData'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = EncBase.c_children.copy()
c_attributes = EncBase.c_attributes.copy()
c_children['{%s}CipherValue' % ENC_NAMESPACE] = (
c_children['{%s}CipherValue' % NAMESPACE] = (
'cipher_value', [CipherValue])
c_children['{%s}CipherReference' % ENC_NAMESPACE] = (
c_children['{%s}CipherReference' % NAMESPACE] = (
'cipher_reference', [CipherReference])
c_child_order = ['cipher_value', 'cipher_reference']
@@ -231,6 +231,10 @@ class CipherData(EncBase):
self.cipher_value = cipher_value
self.cipher_reference = cipher_reference
def cipher_data_from_string(xml_string):
""" Create CipherData instance from an XML string """
return create_class_from_xml_string(CipherData, xml_string)
# ---------------------------------------------------------------------------
# EncryptionProperty
# ---------------------------------------------------------------------------
@@ -238,7 +242,7 @@ class CipherData(EncBase):
class EncryptionProperty(EncBase):
c_tag = 'EncryptionProperty'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = EncBase.c_children.copy()
c_attributes = EncBase.c_attributes.copy()
c_attributes['Target'] = 'target'
@@ -271,11 +275,11 @@ def encryption_property_from_string(xml_string):
class EncryptionProperties(EncBase):
c_tag = 'EncryptionProperties'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = EncBase.c_children.copy()
c_attributes = EncBase.c_attributes.copy()
c_attributes['Id'] = 'identifier'
c_children['{%s}EncryptionProperty' % ENC_NAMESPACE] = (
c_children['{%s}EncryptionProperty' % NAMESPACE] = (
'encryption_property', [EncryptionProperty])
def __init__(self, identifier=None, encryption_property=None,
@@ -306,20 +310,20 @@ class EncryptedType(EncBase):
"""The enc:EncryptedType element"""
c_tag = 'EncryptedType'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = EncBase.c_children.copy()
c_attributes = EncBase.c_attributes.copy()
c_attributes['Id'] = 'identifier'
c_attributes['Type'] = 'typ'
c_attributes['MimeType'] = 'mime_type'
c_attributes['Encoding'] = 'encoding'
c_children['{%s}EncryptionMethod' % ENC_NAMESPACE] = (
c_children['{%s}EncryptionMethod' % NAMESPACE] = (
'encryption_method', [EncryptionMethod])
c_children['{%s}KeyInfo' % ds.DS_NAMESPACE] = (
c_children['{%s}KeyInfo' % ds.NAMESPACE] = (
'key_info', [ds.KeyInfo])
c_children['{%s}CipherData' % ENC_NAMESPACE] = (
c_children['{%s}CipherData' % NAMESPACE] = (
'cipher_data', [CipherData])
c_children['{%s}EncryptionProperties' % ENC_NAMESPACE] = (
c_children['{%s}EncryptionProperties' % NAMESPACE] = (
'encryption_properties', [EncryptionProperties])
c_child_order = ['encryption_method', 'key_info',
'cipher_data','encryption_properties']
@@ -366,7 +370,7 @@ class EncryptedData(EncryptedType):
"""The enc:EncryptedData element"""
c_tag = 'EncryptedData'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = EncryptedType.c_children.copy()
c_attributes = EncryptedType.c_attributes.copy()
@@ -381,7 +385,7 @@ def encrypted_data_from_string(xml_string):
class ReferenceType(EncBase):
c_tag = 'ReferenceType'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = EncBase.c_children.copy()
c_attributes = EncBase.c_attributes.copy()
c_attributes['URI'] = 'uri'
@@ -411,10 +415,14 @@ def reference_type_from_string(xml_string):
class DataReference(ReferenceType):
c_tag = 'DataReference'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = ReferenceType.c_children.copy()
c_attributes = ReferenceType.c_attributes.copy()
def data_reference_from_string(xml_string):
""" Create DataReference instance from an XML string """
return create_class_from_xml_string(DataReference, xml_string)
# ---------------------------------------------------------------------------
# KeyReference
# ---------------------------------------------------------------------------
@@ -422,10 +430,14 @@ class DataReference(ReferenceType):
class KeyReference(ReferenceType):
c_tag = 'KeyReference'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = ReferenceType.c_children.copy()
c_attributes = ReferenceType.c_attributes.copy()
def key_reference_from_string(xml_string):
""" Create KeyReference instance from an XML string """
return create_class_from_xml_string(KeyReference, xml_string)
# ---------------------------------------------------------------------------
# ReferenceList
# ---------------------------------------------------------------------------
@@ -433,12 +445,12 @@ class KeyReference(ReferenceType):
class ReferenceList(EncBase):
c_tag = 'ReferenceList'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = EncBase.c_children.copy()
c_attributes = EncBase.c_attributes.copy()
c_children['{%s}DataReference' % ENC_NAMESPACE] = (
c_children['{%s}DataReference' % NAMESPACE] = (
'data_reference', [DataReference])
c_children['{%s}KeyReference' % ENC_NAMESPACE] = (
c_children['{%s}KeyReference' % NAMESPACE] = (
'key_reference', [KeyReference])
def __init__(self, data_reference=None, key_reference=None,
@@ -468,7 +480,7 @@ def reference_list_from_string(xml_string):
class CarriedKeyName(EncBase):
c_tag = 'CarriedKeyName'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = EncBase.c_children.copy()
c_attributes = EncBase.c_attributes.copy()
@@ -484,13 +496,13 @@ class EncryptedKey(EncryptedType):
"""The enc:EncryptedKey element"""
c_tag = 'EncryptedKey'
c_namespace = ENC_NAMESPACE
c_namespace = NAMESPACE
c_children = EncryptedType.c_children.copy()
c_attributes = EncryptedType.c_attributes.copy()
c_attributes['Recipient'] = 'recipient'
c_children['{%s}ReferenceList' % ENC_NAMESPACE] = (
c_children['{%s}ReferenceList' % NAMESPACE] = (
'reference_list', [ReferenceList])
c_children['{%s}CarriedKeyName' % ENC_NAMESPACE] = (
c_children['{%s}CarriedKeyName' % NAMESPACE] = (
'carried_key_name', [CarriedKeyName])
def __init__(self, recipient=None, reference_list=None,
@@ -529,3 +541,22 @@ def encrypted_key_from_string(xml_string):
""" Create EncryptedKey instance from an XML string """
return create_class_from_xml_string(EncryptedKey, xml_string)
ELEMENT_TO_STRING = {
KeySize: key_size_from_string,
OAEPparams: oaep_params_from_string,
EncryptionMethod: encryption_method_from_string,
CipherValue: cipher_value_from_string,
Transforms: transforms_from_string,
CipherReference: cipher_reference_from_string,
CipherData: cipher_data_from_string,
EncryptionProperty: encryption_property_from_string,
EncryptionProperties: encryption_properties_from_string,
EncryptedType: encrypted_type_from_string,
EncryptedData: encrypted_data_from_string,
ReferenceType: reference_type_from_string,
DataReference: data_reference_from_string,
KeyReference: key_reference_from_string,
ReferenceList: reference_list_from_string,
CarriedKeyName: carried_key_name_from_string,
EncryptedKey: encrypted_key_from_string,
}
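Review bot: ELEMENT_TO_STRING is keyed by the class objects (`KeySize: key_size_from_string`), while the matching table added to xmldsig in this commit is keyed by `X.c_tag` and the `extension_element_to_element` helper looks entries up by `extension_element.tag`. If this table is passed to that helper, every lookup raises KeyError, which the helper swallows and turns into `None`, so xmlenc extension elements would be dropped silently. Key it like the other table, e.g. `KeySize.c_tag: key_size_from_string`, and name it `ELEMENT_FROM_STRING`, since the values are the `*_from_string` parsers. `oaep_params_from_string`, `cipher_reference_from_string`, `encryption_properties_from_string`, `encrypted_type_from_string` and `carried_key_name_from_string` are not visible in these hunks, so confirm they exist; a missing one makes the module fail at import.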