From 70e299f27ca0dd8bf24e8bd0e0e455618ed3fcd7 Mon Sep 17 00:00:00 2001 From: Roland Hedberg Date: Thu, 15 Oct 2009 09:50:13 +0200 Subject: [PATCH] Pylint and autumn cleaning --- src/saml2/__init__.py | 17 +++- src/saml2/client.py | 20 ++-- src/saml2/md.py | 169 ++++++++++++++++--------------- src/saml2/metadata.py | 12 ++- src/saml2/saml.py | 199 +++++++++++++++++++++--------------- src/saml2/samlp.py | 198 ++++++++++++++++++------------------ src/saml2/sigver.py | 8 +- src/xmldsig/__init__.py | 219 ++++++++++++++++++++++++---------------- src/xmlenc/__init__.py | 99 +++++++++++------- 9 files changed, 534 insertions(+), 407 deletions(-) diff --git a/src/saml2/__init__.py b/src/saml2/__init__.py index 96a12f9..ab6367b 100644 --- a/src/saml2/__init__.py +++ b/src/saml2/__init__.py @@ -38,9 +38,9 @@ except ImportError: except ImportError: from elementtree import ElementTree -SAML_NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:assertion' -SAML_TEMPLATE = '{urn:oasis:names:tc:SAML:2.0:assertion}%s' -XSI_NAMESPACE = 'http://www.w3.org/2001/XMLSchema-instance' +NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:assertion' +#TEMPLATE = '{urn:oasis:names:tc:SAML:2.0:assertion}%s' +#XSI_NAMESPACE = 'http://www.w3.org/2001/XMLSchema-instance' NAMEID_FORMAT_EMAILADDRESS = ( "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress") @@ -438,3 +438,14 @@ class SamlBase(ExtensionContainer): self.__dict__[extension_attribute_name] = value +def extension_element_to_element(extension_element, element_to_string, + namespace=None): + if extension_element.namespace == namespace: + try: + ets = element_to_string[extension_element.tag] + return ets(extension_element.to_string()) + except KeyError: + pass + + return None + \ No newline at end of file diff --git a/src/saml2/client.py b/src/saml2/client.py index b89bdb8..15bd2dd 100644 --- a/src/saml2/client.py +++ b/src/saml2/client.py 
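Review bot: Renaming the module-level constant `SAML_NAMESPACE` to `NAMESPACE` in `saml2/__init__.py` removes a public name that other code may import as `saml2.SAML_NAMESPACE`, and no compatibility alias is left behind; the `samlp.SAMLP_NAMESPACE` reference that survives in metadata.py later in this patch suggests the prefixed convention is still in use elsewhere. If the rename is intended, keep `SAML_NAMESPACE = NAMESPACE` beside the new definition for one release, otherwise confirm that no importer remains. The two constants turned into `#TEMPLATE` and `#XSI_NAMESPACE` are commented-out code and should be deleted rather than kept.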
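Review bot: In the new `extension_element_to_element` the `try` covers both the table lookup and the call `ets(extension_element.to_string())`, so a `KeyError` raised while the factory re-parses the element is swallowed and reported as "no matching element" (`None`) instead of as a parse failure. Narrow the guarded statement to the lookup: `try: ets = element_to_string[extension_element.tag]` / `except KeyError: return None` / `return ets(extension_element.to_string())`. The parameter `element_to_string` is actually a mapping from tag to a from-string factory, so a name like `tag_to_factory` plus a docstring saying that the element's `namespace` must equal `namespace` (the default `None` only matches an element whose `namespace` attribute is also `None`) would make the contract clear; the trailing blank line without a newline at end of file also wants fixing.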
@@ -9,12 +9,8 @@ except ImportError: from md5 import md5 import zlib -from subprocess import Popen, PIPE - -from saml2 import samlp, saml, metadata +from saml2 import samlp, saml from saml2.sigver import correctly_signed_response -from saml2.metadata import cert_from_assertion -#from saml2.metadata import load_certs_to_manager DEFAULT_BINDING = saml2.BINDING_HTTP_REDIRECT @@ -323,7 +319,7 @@ class Saml2Client: def init_request(self, request, destination): request.id = _sid() request.version = "2.0" - request.issue_instant = date_and_time() + request.issue_instant = get_date_and_time() request.destination = destination return request @@ -342,11 +338,11 @@ class Saml2Client: :return: An AttributeQuery instance """ - attr_query = self.init_request(samlp.AttributeQuery()) + attr_query = self.init_request(samlp.AttributeQuery(), destination) - subject = samlp.Subject() - name_id = samlp.NameID() - name_id.format = NAMEID_FORMAT_PERSISTENT + subject = saml.Subject() + name_id = saml.NameID() + name_id.format = saml.NAMEID_FORMAT_PERSISTENT if name_qualifier: name_id.name_qualifier = name_qualifier if sp_name_qualifier: @@ -357,7 +353,7 @@ class Saml2Client: attr_query.subject = subject if attribute: attrs = [] - for attr,values in attribute.items(): + for attr, values in attribute.items(): sattr = saml.Attribute() sattr.name = attr #sattr.name_format = NAME_FORMAT_UNSPECIFIED @@ -400,7 +396,7 @@ class Saml2Client: logout_req = self.init_request(samlp.LogoutRequest()) logout_req.session_index = _sid() - logout_req.base_id = samlp.BaseID(text=subject_id) + logout_req.base_id = saml.BaseID(text=subject_id) if reason: logout_req.reason = reason if not_on_or_after: diff --git a/src/saml2/md.py b/src/saml2/md.py index 28a0ece..2e1ee11 100644 --- a/src/saml2/md.py +++ b/src/saml2/md.py 
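Review bot: `init_request` now calls `get_date_and_time()`, but the import hunk above only removes names and adds no import for it; if this is a rename of the previous `date_and_time` helper, the import or local definition should change in the same commit, otherwise the first request built fails with `NameError`. The rest of client.py's imports are outside the diff, so confirm that the name resolves.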
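Review bot: The logout hunk still builds its request with `self.init_request(samlp.LogoutRequest())`, one argument short of the `init_request(self, request, destination)` signature shown in the earlier hunk, so it raises `TypeError` before the new `saml.BaseID(text=subject_id)` line is reached; the same omission was fixed for `AttributeQuery` in this commit but not here. Change it to `logout_req = self.init_request(samlp.LogoutRequest(), destination)`, adding a `destination` parameter to the enclosing method if it lacks one (its signature is outside the hunk). `Destination` is the attribute a relying party uses to check that a signed LogoutRequest was meant for its endpoint, so it should be set deliberately rather than left out by accident.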
@@ -24,18 +24,20 @@ from saml2 import saml, SamlBase, create_class_from_xml_string from saml2.saml import Attribute +from saml2.saml import NAMESPACE as SAML_NAMESPACE import xmldsig as ds +from xmldsig import NAMESPACE as DS_NAMESPACE +from xmlenc import NAMESPACE as XMLENC_NAMESPACE -MD_NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:metadata' -MD_TEMPLATE = '{urn:oasis:names:tc:SAML:2.0:metadata}%s' -XMLENC_NAMESPACE = 'http://www.w3.org/2001/04/xmlenc#' +NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:metadata' +#MD_TEMPLATE = '{urn:oasis:names:tc:SAML:2.0:metadata}%s' XML_TEMPLATE = '{http://www.w3.org/XML/1998/namespace}%s' class Extensions(SamlBase): """The md:Extensions element""" c_tag = 'Extensions' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() @@ -46,7 +48,7 @@ def extensions_from_string(xml_string): class LocalizedName(SamlBase): """The md:LocalizedName abstract type""" c_tag = 'LocalizedName' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes[XML_TEMPLATE % 'lang'] = 'lang' @@ -71,7 +73,7 @@ def localized_name_from_string(xml_string): class LocalizedURI(SamlBase): """The md:LocalizedURI abstract type""" c_tag = 'LocalizedURI' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes[XML_TEMPLATE % 'lang'] = 'lang' @@ -97,7 +99,7 @@ def localized_uri_from_string(xml_string): class OrganizationName(LocalizedName): """The md:OrganizationName element""" c_tag = 'OrganizationName' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = LocalizedName.c_children.copy() c_attributes = LocalizedName.c_attributes.copy() 
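Review bot: The new `#MD_TEMPLATE = ...` line is commented-out code; delete it rather than keep it, since `XML_TEMPLATE` on the next line shows the live pattern. With `saml.SAML_NAMESPACE` replaced by the imported `SAML_NAMESPACE` in the IDPSSODescriptor hunk, the `saml` name from `from saml2 import saml, SamlBase, create_class_from_xml_string` may now be unused in md.py — pylint would flag it, so check before the next cleanup pass. `KeySize` and `OAEPparams`, used by `EncryptionMethod` further down, are not imported in this hunk and presumably come from an `xmlenc` import outside it; worth verifying they still resolve after the import reshuffle.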
@@ -123,7 +125,7 @@ def organization_name_from_string(xml_string): class OrganizationDisplayName(LocalizedName): """The md:OrganizationDisplayName element""" c_tag = 'OrganizationDisplayName' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = LocalizedName.c_children.copy() c_attributes = LocalizedName.c_attributes.copy() @@ -149,7 +151,7 @@ def organization_display_name_from_string(xml_string): class OrganizationURL(LocalizedURI): """The md:OrganizationURL element""" c_tag = 'OrganizationURL' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = LocalizedURI.c_children.copy() c_attributes = LocalizedURI.c_attributes.copy() @@ -176,15 +178,15 @@ class Organization(SamlBase): """The md:Organization base type""" c_tag = 'Organization' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() - c_children['{%s}Extensions' % MD_NAMESPACE] = ('extensions', Extensions) - c_children['{%s}OrganizationName' % MD_NAMESPACE] = ( + c_children['{%s}Extensions' % NAMESPACE] = ('extensions', Extensions) + c_children['{%s}OrganizationName' % NAMESPACE] = ( 'organization_name', [OrganizationName]) - c_children['{%s}OrganizationDisplayName' % MD_NAMESPACE] = ( + c_children['{%s}OrganizationDisplayName' % NAMESPACE] = ( 'organization_display_name', [OrganizationDisplayName]) - c_children['{%s}OrganizationURL' % MD_NAMESPACE] = ( + c_children['{%s}OrganizationURL' % NAMESPACE] = ( 'organization_url', [OrganizationURL]) child_order = ['extensions', 'organization_name', 'organization_display_name', 'organization_url'] @@ -218,7 +220,7 @@ class Endpoint(SamlBase): """The md:Endpoint base type""" c_tag = 'Endpoint' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['Binding'] = 'binding' 
@@ -251,7 +253,7 @@ class IndexedEndpoint(Endpoint): """The md:IndexedEndpoint base type""" c_tag = 'IndexedEndpoint' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = Endpoint.c_children.copy() c_attributes = Endpoint.c_attributes.copy() c_attributes['index'] = 'index' @@ -286,7 +288,7 @@ class Company(SamlBase): """The md:Company element""" c_tag = 'Company' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() @@ -299,7 +301,7 @@ class GivenName(SamlBase): """The md:GivenName element""" c_tag = 'GivenName' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() @@ -312,7 +314,7 @@ class SurName(SamlBase): """The md:SurName element""" c_tag = 'SurName' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() @@ -325,7 +327,7 @@ class EmailAddress(SamlBase): """The md:EmailAddress element""" c_tag = 'EmailAddress' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() @@ -338,7 +340,7 @@ class TelephoneNumber(SamlBase): """The md:TelephoneNumber element""" c_tag = 'TelephoneNumber' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() 
@@ -351,17 +353,17 @@ class ContactPerson(SamlBase): """The md:ContactPerson element""" c_tag = 'ContactPerson' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['contactType'] = 'contact_type' - c_children['{%s}Extensions' % MD_NAMESPACE] = ('extensions', Extensions) - c_children['{%s}Company' % MD_NAMESPACE] = ('company', Company) - c_children['{%s}GivenName' % MD_NAMESPACE] = ('given_name', GivenName) - c_children['{%s}SurName' % MD_NAMESPACE] = ('sur_name', SurName) - c_children['{%s}EmailAddress' % MD_NAMESPACE] = ( + c_children['{%s}Extensions' % NAMESPACE] = ('extensions', Extensions) + c_children['{%s}Company' % NAMESPACE] = ('company', Company) + c_children['{%s}GivenName' % NAMESPACE] = ('given_name', GivenName) + c_children['{%s}SurName' % NAMESPACE] = ('sur_name', SurName) + c_children['{%s}EmailAddress' % NAMESPACE] = ( 'email_address', [EmailAddress]) - c_children['{%s}TelephoneNumber' % MD_NAMESPACE] = ( + c_children['{%s}TelephoneNumber' % NAMESPACE] = ( 'telephone_number', [TelephoneNumber]) c_child_order = ['extensions', 'company', 'given_name', 'sur_name', 'email_address', 'telephone_number'] @@ -402,7 +404,7 @@ class AdditionalMetadataLocation(SamlBase): """The md:AdditionalMetadataLocation element""" c_tag = 'AdditionalMetadataLocation' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['namespace'] = 'namespace' 
@@ -455,14 +457,14 @@ class EncryptionMethod(SamlBase): """The md:EncryptionMethod element""" c_tag = 'EncryptionMethod' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['Algorithm'] = 'algorithm' c_children['{%s}KeySize' % XMLENC_NAMESPACE] = ('key_size', KeySize) c_children['{%s}OAEPparams' % XMLENC_NAMESPACE] = ( 'oaep_params', OAEPparams) - c_children['{%s}DigestMethod' % ds.DS_NAMESPACE] = ( + c_children['{%s}DigestMethod' % DS_NAMESPACE] = ( 'digest_method', ds.DigestMethod) c_child_order = ['key_size', 'oaep_params', 'digest_method'] @@ -495,12 +497,12 @@ class KeyDescriptor(SamlBase): """The md:KeyDescriptor element""" c_tag = 'KeyDescriptor' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['use'] = 'use' - c_children['{%s}KeyInfo' % ds.DS_NAMESPACE] = ('key_info', ds.KeyInfo) - c_children['{%s}EncryptionMethod' % MD_NAMESPACE] = ( + c_children['{%s}KeyInfo' % DS_NAMESPACE] = ('key_info', ds.KeyInfo) + c_children['{%s}EncryptionMethod' % NAMESPACE] = ( 'encryption_method', [EncryptionMethod]) c_child_order = ['key_info', 'encryption_method'] @@ -531,7 +533,7 @@ class RoleDescriptor(SamlBase): """The md:RoleDescriptor element""" c_tag = 'RoleDescriptor' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['ID'] = 'identifier' 
@@ -539,13 +541,13 @@ class RoleDescriptor(SamlBase): c_attributes['cacheDuration'] = 'cache_duration' c_attributes['protocolSupportEnumeration'] = 'protocol_support_enumeration' c_attributes['errorURL'] = 'error_url' - c_children['{%s}Signature' % ds.DS_NAMESPACE] = ('signature', ds.Signature) - c_children['{%s}Extensions' % MD_NAMESPACE] = ('extensions', Extensions) - c_children['{%s}KeyDescriptor' % MD_NAMESPACE] = ( + c_children['{%s}Signature' % DS_NAMESPACE] = ('signature', ds.Signature) + c_children['{%s}Extensions' % NAMESPACE] = ('extensions', Extensions) + c_children['{%s}KeyDescriptor' % NAMESPACE] = ( 'key_descriptor', [KeyDescriptor]) - c_children['{%s}Organization' % MD_NAMESPACE] = ( + c_children['{%s}Organization' % NAMESPACE] = ( 'organization', Organization) - c_children['{%s}ContactPerson' % MD_NAMESPACE] = ( + c_children['{%s}ContactPerson' % NAMESPACE] = ( 'contact_person', [ContactPerson]) c_child_order = ['signature', 'extensions', 'key_descriptor', 'organization', 'contact_person'] @@ -629,7 +631,7 @@ class NameIDFormat(SamlBase): """The md:NameIDFormat element""" c_tag = 'NameIDFormat' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() 
@@ -642,16 +644,16 @@ class SSODescriptor(RoleDescriptor): """The md:SSODescriptor element""" c_tag = 'SSODescriptor' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = RoleDescriptor.c_children.copy() c_attributes = RoleDescriptor.c_attributes.copy() - c_children['{%s}ArtifactResolutionService' % MD_NAMESPACE] = ( + c_children['{%s}ArtifactResolutionService' % NAMESPACE] = ( 'artifact_resolution_service', [ArtifactResolutionService]) - c_children['{%s}SingleLogoutService' % MD_NAMESPACE] = ( + c_children['{%s}SingleLogoutService' % NAMESPACE] = ( 'single_logout_service', [SingleLogoutService]) - c_children['{%s}ManageNameIDService' % MD_NAMESPACE] = ( + c_children['{%s}ManageNameIDService' % NAMESPACE] = ( 'manage_name_id_service', [ManageNameIDService]) - c_children['{%s}NameIDFormat' % MD_NAMESPACE] = ( + c_children['{%s}NameIDFormat' % NAMESPACE] = ( 'name_id_format', [NameIDFormat]) c_child_order = ['signature', 'extensions', 'key_descriptor', @@ -734,7 +736,7 @@ class AttributeProfile(SamlBase): """The md:AttributeProfile element""" c_tag = 'AttributeProfile' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() 
@@ -747,19 +749,19 @@ class IDPSSODescriptor(SSODescriptor): """The md:IDPSSODescriptor element""" c_tag = 'IDPSSODescriptor' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SSODescriptor.c_children.copy() c_attributes = SSODescriptor.c_attributes.copy() c_attributes['WantAuthnRequestsSigned'] = 'want_authn_requests_signed' - c_children['{%s}SingleSignOnService' % MD_NAMESPACE] = ( + c_children['{%s}SingleSignOnService' % NAMESPACE] = ( 'single_sign_on_service', [SingleSignOnService]) - c_children['{%s}NameIDMappingService' % MD_NAMESPACE] = ( + c_children['{%s}NameIDMappingService' % NAMESPACE] = ( 'name_id_mapping_service', [NameIDMappingService]) - c_children['{%s}AssertionIDRequestService' % MD_NAMESPACE] = ( + c_children['{%s}AssertionIDRequestService' % NAMESPACE] = ( 'assertion_id_request_service', [AssertionIDRequestService]) - c_children['{%s}AttributeProfile' % MD_NAMESPACE] = ( + c_children['{%s}AttributeProfile' % NAMESPACE] = ( 'attribute_profile', [AttributeProfile]) - c_children['{%s}Attribute' % saml.SAML_NAMESPACE] = ( + c_children['{%s}Attribute' % SAML_NAMESPACE] = ( 'attribute', [Attribute]) c_child_order = ['signature', 'extensions', 'key_descriptor', @@ -831,7 +833,7 @@ def idpsso_descriptor_from_string(xml_string): class RequestedAttribute(Attribute): c_tag = 'RequestedAttribute' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = Attribute.c_children.copy() c_attributes = Attribute.c_attributes.copy() c_attributes['isRequired'] = 'is_required' @@ -864,7 +866,7 @@ def requested_attribute_from_string(xml_string): class ServiceName(LocalizedName): """The md:ServiceName element""" c_tag = 'ServiceName' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = LocalizedName.c_children.copy() c_attributes = LocalizedName.c_attributes.copy() 
@@ -889,7 +891,7 @@ def service_name_from_string(xml_string): class ServiceDescription(LocalizedName): """The md:ServiceDescription element""" c_tag = 'ServiceDescription' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = LocalizedName.c_children.copy() c_attributes = LocalizedName.c_attributes.copy() @@ -915,16 +917,16 @@ class AttributeConsumingService(SamlBase): """The md:AttributeConsumingService element""" c_tag = 'AttributeConsumingService' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['index'] = 'index' c_attributes['isDefault'] = 'is_default' - c_children['{%s}ServiceName' % MD_NAMESPACE] = ( + c_children['{%s}ServiceName' % NAMESPACE] = ( 'service_name', [ServiceName]) - c_children['{%s}ServiceDescription' % MD_NAMESPACE] = ( + c_children['{%s}ServiceDescription' % NAMESPACE] = ( 'service_description', [ServiceDescription]) - c_children['{%s}RequestedAttribute' % MD_NAMESPACE] = ( + c_children['{%s}RequestedAttribute' % NAMESPACE] = ( 'requested_attribute', [RequestedAttribute]) c_child_order = ['service_name', 'service_description', 'requested_attribute'] 
@@ -961,14 +963,14 @@ class SPSSODescriptor(SSODescriptor): """The md:SPSSODescriptor element""" c_tag = 'SPSSODescriptor' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SSODescriptor.c_children.copy() c_attributes = SSODescriptor.c_attributes.copy() c_attributes['AuthnRequestsSigned'] = 'authn_requests_signed' c_attributes['WantAssertionsSigned'] = 'want_assertions_signed' - c_children['{%s}AssertionConsumerService' % MD_NAMESPACE] = ( + c_children['{%s}AssertionConsumerService' % NAMESPACE] = ( 'assertion_consumer_service', [AssertionConsumerService]) - c_children['{%s}AttributeConsumingService' % MD_NAMESPACE] = ( + c_children['{%s}AttributeConsumingService' % NAMESPACE] = ( 'attribute_consuming_service', [AttributeConsumingService]) c_child_order = ['signature', 'extensions', 'key_descriptor', @@ -994,7 +996,8 @@ class SPSSODescriptor(SSODescriptor): :param identifier: ID attribute :param valid_until: validUntil attribute :param cache_duration: cacheDuration attribute - :param protocol_support_enumeration: protocolSupportEnumeration attribute + :param protocol_support_enumeration: protocolSupportEnumeration + attribute :param error_url: errorURL attribute :param signature: ds:Signature element :param extensions: Extensions element 
@@ -1011,12 +1014,14 @@ class SPSSODescriptor(SSODescriptor): :param attribute_consuming_service: AttributeConsumingService elements :param text: The text data in the this element :param extension_elements: A list of ExtensionElement instances - :param extension_attributes: A dictionary of attribute value string pairs + :param extension_attributes: A dictionary of attribute value string + pairs """ SSODescriptor.__init__(self, artifact_resolution_service, single_logout_service, manage_name_id_service, - name_id_format, identifier, valid_until, cache_duration, - protocol_support_enumeration, error_url, signature, + name_id_format, identifier, valid_until, + cache_duration, protocol_support_enumeration, + error_url, signature, extensions, key_descriptor, organization, contact_person, text, extension_elements, extension_attributes) 
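Review bot: The re-wrapped `SSODescriptor.__init__(self, artifact_resolution_service, ...)` call passes seventeen arguments positionally, so any reordering of the parent's parameter list — the kind of change this same commit makes to `SubjectConfirmation.__init__` in saml.py — would silently bind values to the wrong attributes instead of failing. Passing them as keywords (`name_id_format=name_id_format, identifier=identifier, ...`) costs a few lines and turns such a mismatch into a `TypeError`. The docstring re-wrap in the same hunk is fine as is.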
@@ -1038,28 +1043,28 @@ class EntityDescriptor(SamlBase): # AffiliationDescriptor is not implemented yet c_tag = 'EntityDescriptor' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['entityID'] = 'entity_id' c_attributes['ID'] = 'identifier' c_attributes['validUntil'] = 'valid_until' c_attributes['cacheDuration'] = 'cache_duration' - c_children['{%s}Signature' % ds.DS_NAMESPACE] = ('signature', ds.Signature) - c_children['{%s}Extensions' % MD_NAMESPACE] = ('extensions', Extensions) - c_children['{%s}RoleDescriptor' % MD_NAMESPACE] = ( + c_children['{%s}Signature' % DS_NAMESPACE] = ('signature', ds.Signature) + c_children['{%s}Extensions' % NAMESPACE] = ('extensions', Extensions) + c_children['{%s}RoleDescriptor' % NAMESPACE] = ( 'role_descriptor', [RoleDescriptor]) - c_children['{%s}IDPSSODescriptor' % MD_NAMESPACE] = ( + c_children['{%s}IDPSSODescriptor' % NAMESPACE] = ( 'idp_sso_descriptor', [IDPSSODescriptor]) - c_children['{%s}SPSSODescriptor' % MD_NAMESPACE] = ( + c_children['{%s}SPSSODescriptor' % NAMESPACE] = ( 'sp_sso_descriptor', [SPSSODescriptor]) - c_children['{%s}Organization' % MD_NAMESPACE] = ( + c_children['{%s}Organization' % NAMESPACE] = ( 'organization', Organization) - c_children['{%s}ContactPerson' % MD_NAMESPACE] = ( + c_children['{%s}ContactPerson' % NAMESPACE] = ( 'contact_person', [ContactPerson]) - c_children['{%s}ContactPerson' % MD_NAMESPACE] = ( + c_children['{%s}ContactPerson' % NAMESPACE] = ( 'contact_person', [ContactPerson]) - c_children['{%s}AdditionalMetadataLocation' % MD_NAMESPACE] = ( + c_children['{%s}AdditionalMetadataLocation' % NAMESPACE] = ( 'additional_metadata_location', [AdditionalMetadataLocation]) c_child_order = ['signature', 'extensions', 'role_descriptor', 'idp_sso_descriptor', 'sp_sso_descriptor', 'organization', 
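Review bot: `EntityDescriptor` registers `c_children['{%s}ContactPerson' % NAMESPACE] = ('contact_person', [ContactPerson])` twice with identical values; the second assignment is dead, and the commit rewrote both lines without dropping one. Remove the duplicate so the registration table reads as one entry per element. The `# AffiliationDescriptor is not implemented yet` comment above the class still holds — nothing for it is added here.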
@@ -1113,16 +1118,16 @@ class EntitiesDescriptor(SamlBase): """The md:EntitiesDescriptor element""" c_tag = 'EntitiesDescriptor' - c_namespace = MD_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['name'] = 'name' c_attributes['ID'] = 'identifier' c_attributes['validUntil'] = 'valid_until' c_attributes['cacheDuration'] = 'cache_duration' - c_children['{%s}Signature' % ds.DS_NAMESPACE] = ('signature', ds.Signature) - c_children['{%s}Extensions' % MD_NAMESPACE] = ('extensions', Extensions) - c_children['{%s}EntityDescriptor' % MD_NAMESPACE] = ( + c_children['{%s}Signature' % DS_NAMESPACE] = ('signature', ds.Signature) + c_children['{%s}Extensions' % NAMESPACE] = ('extensions', Extensions) + c_children['{%s}EntityDescriptor' % NAMESPACE] = ( 'entity_descriptor', [EntityDescriptor]) c_child_order = ['signature', 'extensions', 'entity_descriptor', 'entities_descriptor'] @@ -1156,7 +1161,7 @@ class EntitiesDescriptor(SamlBase): self.entity_descriptor = entity_descriptor or [] self.entities_descriptor = entities_descriptor or [] -EntitiesDescriptor.c_children['{%s}EntitiesDescriptor' % MD_NAMESPACE] = ( +EntitiesDescriptor.c_children['{%s}EntitiesDescriptor' % NAMESPACE] = ( 'entities_descriptor', [EntitiesDescriptor]) def entities_descriptor_from_string(xml_string): diff --git a/src/saml2/metadata.py b/src/saml2/metadata.py index 84d6478..b8ad013 100644 --- a/src/saml2/metadata.py +++ b/src/saml2/metadata.py @@ -49,8 +49,10 @@ class MetaData(dict): def __init_(self, arg=None): dict.__init__(self, arg) + self._loc_key = {} + self._loc_bind = {} - def import_metadata(self,xml_str): + def import_metadata(self, xml_str): """ Import information; organization distinguish name, location and certificates from a metadata file. 
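Review bot: The two new attributes `self._loc_key = {}` and `self._loc_bind = {}` are added to `def __init_(self, arg=None):`, which is misspelled with a single trailing underscore and therefore never runs as the constructor; `MetaData` instances get `dict.__init__` only, and any method that reads `self._loc_key` will raise `AttributeError`. Fixing the name exposes a second problem: `dict.__init__(self, None)` raises `TypeError`, so the default needs guarding. Change the two lines to `def __init__(self, arg=None):` and `dict.__init__(self, arg or {})`, keeping the two new assignments below them.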
@@ -68,7 +70,8 @@ class MetaData(dict): #print "--",len(entity_descriptor.idp_sso_descriptor) for idp in entity_descriptor.idp_sso_descriptor: - if samlp.SAMLP_NAMESPACE not in idp.protocol_support_enumeration.split(" "): + if samlp.SAMLP_NAMESPACE not in \ + idp.protocol_support_enumeration.split(" "): #print "<<<", idp.protocol_support_enumeration continue @@ -142,7 +145,8 @@ def cert_from_assertion(assertion): def make_entity_description(): org = md.Organization( organization_name = [md.Organization(text="Example Inc.")], - organization_url = [md.OrganizationURL(text="http://www.example.com/")]) + organization_url = [md.OrganizationURL( + text="http://www.example.com/")]) spsso = md.SPSSODescriptor( protocolSupportEnumeration = samlp.SAMLP_NAMESPACE, @@ -150,7 +154,7 @@ def make_entity_description(): authn_requests_signed = False ) - return md.EntityDescription( + return md.EntityDescriptor( entity_id = "http://xenosmilus.umdc.umu.se:8087/", organization = org, sp_sso_descriptor = [spsso] diff --git a/src/saml2/saml.py b/src/saml2/saml.py index d7487a7..ba6d263 100644 --- a/src/saml2/saml.py +++ b/src/saml2/saml.py @@ -29,8 +29,7 @@ import xmldsig as ds import saml2 from saml2 import SamlBase -SAML_NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:assertion' -SAML_TEMPLATE = '{urn:oasis:names:tc:SAML:2.0:assertion}%s' +NAMESPACE = 'urn:oasis:names:tc:SAML:2.0:assertion' XSI_NAMESPACE = 'http://www.w3.org/2001/XMLSchema-instance' NAMEID_FORMAT_EMAILADDRESS = ( @@ -66,7 +65,7 @@ class BaseID(SamlBase): """ The saml:BaseID element """ c_tag = 'BaseID' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['NameQualifier'] = 'name_qualifier' 
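Review bot: The condition in `import_metadata` is now split with a backslash continuation, `if samlp.SAMLP_NAMESPACE not in \`; wrapping the expression in parentheses instead, `if (samlp.SAMLP_NAMESPACE not in` / `idp.protocol_support_enumeration.split(" ")):`, is the idiom pylint and PEP 8 prefer and survives trailing whitespace. The `#print` debugging lines kept around it are commented-out code and should go as well. `import_metadata` continues outside the hunk.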
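Review bot: `make_entity_description` still wraps the organization name as `[md.Organization(text="Example Inc.")]` although the field is `organization_name`, whose registered child type in the md.py hunks is `OrganizationName`; the commit fixes the `EntityDescription` → `EntityDescriptor` typo in the next hunk but leaves this one, so the serialised `<Organization>` would carry a nested `<Organization>` rather than an `<OrganizationName>`. Change it to `organization_name = [md.OrganizationName(text="Example Inc.")]`. The `protocolSupportEnumeration = samlp.SAMLP_NAMESPACE` keyword also looks wrong: the SPSSODescriptor docstring patched earlier in this commit names the parameter `protocol_support_enumeration`, so the camel-case keyword should raise `TypeError` — confirm against the constructor. The hard-coded `entity_id` URL reads like a development fixture; if the function is meant to stay in the library, it should take the entity id as a parameter.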
@@ -103,7 +102,7 @@ class NameID(BaseID): """The saml:NameID element""" c_tag = 'NameID' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = BaseID.c_children.copy() c_attributes = BaseID.c_attributes.copy() c_attributes['Format'] = 'name_format' @@ -144,7 +143,7 @@ def name_id_from_string(xml_string): class EncryptedID(SamlBase): """The saml:EncryptedID element""" c_tag = 'EncryptedID' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() @@ -178,7 +177,7 @@ class AssertionIDRef(SamlBase): """The saml:AssertionIDRef element makes a reference to a SAML assertion by its unique identifier.""" c_tag = 'AssertionIDRef' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() @@ -194,7 +193,7 @@ class AssertionURIRef(SamlBase): """The saml:AssertionURIRef element makes a reference to a SAML assertion by URI reference.""" c_tag = 'AssertionURIRef' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() @@ -212,7 +211,7 @@ class EncryptedAssertion(SamlBase): Processing specification""" c_tag = 'EncryptedAssertion' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() @@ -233,7 +232,7 @@ class SubjectConfirmationData(SamlBase): under which the act of subject confirmation can take place""" c_tag = 'SubjectConfirmationData' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['NotBefore'] = 'not_before' 
@@ -293,25 +292,25 @@ class SubjectConfirmation(SamlBase): the party with whom the relying party is communicating.""" c_tag = 'SubjectConfirmation' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['Method'] = 'method' - c_children['{%s}BaseID' % SAML_NAMESPACE] = ('base_id', BaseID) - c_children['{%s}NameID' % SAML_NAMESPACE] = ('name_id', NameID) - c_children['{%s}EncryptedID' % SAML_NAMESPACE] = ('encrypted_id', + c_children['{%s}BaseID' % NAMESPACE] = ('base_id', BaseID) + c_children['{%s}NameID' % NAMESPACE] = ('name_id', NameID) + c_children['{%s}EncryptedID' % NAMESPACE] = ('encrypted_id', EncryptedID) - c_children['{%s}SubjectConfirmationData' % SAML_NAMESPACE] = ( + c_children['{%s}SubjectConfirmationData' % NAMESPACE] = ( 'subject_confirmation_data', SubjectConfirmationData) c_child_order = ['base_id', 'name_id', 'encrypted_id', 'subject_confirmation_data'] - def __init__(self, method=None, name_id=None, + def __init__(self, base_id=None, name_id=None, encrypted_id=None, subject_confirmation_data=None, text=None, extension_elements=None, extension_attributes=None): """Constructor for SubjectConfirmation - :param method: Method attribute + :param base_id: Method attribute :param name_id: NameID element :param subject_confirmation_data: SubjectConfirmationData element :param text: The text data in this element @@ -321,8 +320,9 @@ class SubjectConfirmation(SamlBase): """ SamlBase.__init__(self, text, extension_elements, extension_attributes) - self.method = method + self.base_id = base_id self.name_id = name_id + self.encrypted_id = encrypted_id self.subject_confirmation_data = subject_confirmation_data def subject_confirmation_from_string(xml_string): 
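Review bot: `SubjectConfirmation.__init__` drops its `method` parameter in favour of `base_id` while `c_attributes['Method'] = 'method'` is kept, so `self.method` is no longer assigned by the constructor and any caller that passed the confirmation method as the first positional argument now silently sets `base_id` instead; for a relying party the Method attribute is what it checks before accepting the subject, so losing it is not cosmetic. The docstring line `:param base_id: Method attribute` is also wrong. Keep `method` as the first parameter and add `base_id` and `encrypted_id` after it, documenting all of them, as below; the two hunks are split by the docstring, and `subject_confirmation_from_string` follows outside them.
```python
    def __init__(self, method=None, base_id=None, name_id=None,
                 encrypted_id=None, subject_confirmation_data=None,
                 text=None, extension_elements=None, extension_attributes=None):
        # … unchanged: docstring, with ':param method: Method attribute' kept and
        #     ':param base_id: BaseID element' / ':param encrypted_id: EncryptedID element' added …
        SamlBase.__init__(self, text, extension_elements, extension_attributes)
        self.method = method
        self.base_id = base_id
        self.name_id = name_id
        self.encrypted_id = encrypted_id
        self.subject_confirmation_data = subject_confirmation_data
```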
@@ -335,14 +335,13 @@ def subject_confirmation_from_string(xml_string): class Subject(SamlBase): """The saml:Subject element""" - # TODO: BaseID, EncryptedID element c_tag = 'Subject' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() - c_children['{%s}NameID' % SAML_NAMESPACE] = ('name_id', NameID) - c_children['{%s}SubjectConfirmation' % SAML_NAMESPACE] = ( + c_children['{%s}NameID' % NAMESPACE] = ('name_id', NameID) + c_children['{%s}SubjectConfirmation' % NAMESPACE] = ( 'subject_confirmation', [SubjectConfirmation]) c_child_order = ['name_id', 'subject_confirmation'] @@ -375,7 +374,7 @@ class Condition(SamlBase): """The saml:Condition element""" c_tag = 'Condition' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() @@ -393,7 +392,7 @@ class Audience(SamlBase): audience.""" c_tag = 'Audience' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() @@ -411,10 +410,10 @@ class AudienceRestriction(Condition): elements.""" c_tag = 'AudienceRestriction' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = Condition.c_children.copy() c_attributes = Condition.c_attributes.copy() - c_children['{%s}Audience' % SAML_NAMESPACE] = ('audience', Audience) + c_children['{%s}Audience' % NAMESPACE] = ('audience', Audience) def __init__(self, audience=None, text=None, extension_elements=None, extension_attributes=None): @@ -427,7 +426,7 @@ class AudienceRestriction(Condition): pairs """ - Condition.__init__(self, text,extension_elements, + Condition.__init__(self, text, extension_elements, extension_attributes) self.audience = audience 
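Review bot: The `# TODO: BaseID, EncryptedID element` comment is removed from `Subject`, but the class still registers only `NameID` and `SubjectConfirmation` in `c_children`, so an incoming `<saml:Subject>` carrying `<BaseID>` or `<EncryptedID>` (both classes are defined earlier in this file) is still not mapped to an attribute and would presumably land in the generic extension list instead. Either add `c_children['{%s}BaseID' % NAMESPACE] = ('base_id', BaseID)` and `c_children['{%s}EncryptedID' % NAMESPACE] = ('encrypted_id', EncryptedID)` with matching `c_child_order` and constructor entries, or keep the TODO so the gap stays visible. This matters for any verification code that inspects the subject: an encrypted identifier it cannot see is neither decrypted nor rejected.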
@@ -465,11 +464,11 @@ class ProxyRestriction(Condition): of the information contained in the original assertion.""" c_tag = 'ProxyRestriction' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = Condition.c_children.copy() c_attributes = Condition.c_attributes.copy() c_attributes['Count'] = 'count' - c_children['{%s}Audience' % SAML_NAMESPACE] = ('audience', [Audience]) + c_children['{%s}Audience' % NAMESPACE] = ('audience', [Audience]) def __init__(self, count=None, audience=None, text=None, extension_elements=None, extension_attributes=None): @@ -501,17 +500,17 @@ class Conditions(SamlBase): """The saml:Conditions element""" c_tag = 'Conditions' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['NotBefore'] = 'not_before' c_attributes['NotOnOrAfter'] = 'not_on_or_after' - c_children['{%s}Condition' % SAML_NAMESPACE] = ('condition', [Condition]) - c_children['{%s}AudienceRestriction' % SAML_NAMESPACE] = ( + c_children['{%s}Condition' % NAMESPACE] = ('condition', [Condition]) + c_children['{%s}AudienceRestriction' % NAMESPACE] = ( 'audience_restriction', [AudienceRestriction]) - c_children['{%s}OneTimeUse' % SAML_NAMESPACE] = ( + c_children['{%s}OneTimeUse' % NAMESPACE] = ( 'one_time_use', [OneTimeUse]) - c_children['{%s}ProxyRestriction' % SAML_NAMESPACE] = ( + c_children['{%s}ProxyRestriction' % NAMESPACE] = ( 'proxy_restriction', [ProxyRestriction]) c_child_order = ['condition', 'audience_restriction', 'one_time_use', 'proxy_restriction'] @@ -565,7 +564,7 @@ class Statement(SamlBase): assertion-based applications to reuse the SAML assertion framework.""" c_tag = 'Statement' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() 
@@ -581,7 +580,7 @@ class SubjectLocality(SamlBase): """The saml:SubjectLocality element""" c_tag = 'SubjectLocality' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['Address'] = 'address' @@ -613,7 +612,7 @@ class AuthnContextClassRef(SamlBase): """The saml:AuthnContextClassRef element""" c_tag = 'AuthnContextClassRef' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() @@ -626,7 +625,7 @@ class AuthnContextDeclRef(SamlBase): """The saml:AuthnContextDeclRef element""" c_tag = 'AuthnContextDeclRef' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() @@ -639,7 +638,7 @@ class AuthnContextDecl(SamlBase): """The saml:AuthnContextDecl element""" c_tag = 'AuthnContextDecl' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() @@ -652,7 +651,7 @@ class AuthenticatingAuthority(SamlBase): """The saml:AuthenticatingAuthority element""" c_tag = 'AuthenticatingAuthority' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() 
@@ -666,16 +665,16 @@ class AuthnContext(SamlBase): """The saml:AuthnContext element""" c_tag = 'AuthnContext' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() - c_children['{%s}AuthnContextClassRef' % SAML_NAMESPACE] = ( + c_children['{%s}AuthnContextClassRef' % NAMESPACE] = ( 'authn_context_class_ref', AuthnContextClassRef) - c_children['{%s}AuthnContextDeclRef' % SAML_NAMESPACE] = ( + c_children['{%s}AuthnContextDeclRef' % NAMESPACE] = ( 'authn_context_decl_ref', AuthnContextDeclRef) - c_children['{%s}AuthnContextDecl' % SAML_NAMESPACE] = ( + c_children['{%s}AuthnContextDecl' % NAMESPACE] = ( 'authn_context_decl', AuthnContextDecl) - c_children['{%s}AuthenticatingAuthority' % SAML_NAMESPACE] = ( + c_children['{%s}AuthenticatingAuthority' % NAMESPACE] = ( 'authenticating_authority', [AuthenticatingAuthority]) c_child_order = ['authn_context_class_ref', 'authn_context_decl', 'authn_context_decl_ref', @@ -725,15 +724,15 @@ class AuthnStatement(Statement): """The saml:AuthnStatement element""" c_tag = 'AuthnStatement' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = Statement.c_children.copy() c_attributes = Statement.c_attributes.copy() c_attributes['AuthnInstant'] = 'authn_instant' c_attributes['SessionIndex'] = 'session_index' c_attributes['SessionNotOnOrAfter'] = 'session_not_on_or_after' - c_children['{%s}SubjectLocality' % SAML_NAMESPACE] = ( + c_children['{%s}SubjectLocality' % NAMESPACE] = ( 'subject_locality', SubjectLocality) - c_children['{%s}AuthnContext' % SAML_NAMESPACE] = ( + c_children['{%s}AuthnContext' % NAMESPACE] = ( 'authn_context', AuthnContext) c_child_order = ['subject_locality', 'authn_context'] @@ -784,7 +783,7 @@ class AttributeValue(SamlBase): attribute.""" c_tag = 'AttributeValue' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() 
@@ -803,7 +802,7 @@ class EncryptedAttribute(SamlBase): specification.""" c_tag = 'EncryptedAttribute' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() @@ -819,13 +818,13 @@ class Attribute(SamlBase): """The saml:Attribute element""" c_tag = 'Attribute' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['Name'] = 'name' c_attributes['NameFormat'] = 'name_format' c_attributes['FriendlyName'] = 'friendly_name' - c_children['{%s}AttributeValue' % SAML_NAMESPACE] = ('attribute_value', + c_children['{%s}AttributeValue' % NAMESPACE] = ('attribute_value', [AttributeValue]) def __init__(self, name=None, name_format=None, friendly_name=None, @@ -868,13 +867,12 @@ class AttributeStatement(Statement): authority asserting that the assertion subject is associated with the specified attributes.""" - # TODO: EncryptedAttribute c_tag = 'AttributeStatement' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = Statement.c_children.copy() c_attributes = Statement.c_attributes.copy() - c_children['{%s}Attribute' % SAML_NAMESPACE] = ('attribute', [Attribute]) - c_children['{%s}EncryptedAttribute' % SAML_NAMESPACE] = ( + c_children['{%s}Attribute' % NAMESPACE] = ('attribute', [Attribute]) + c_children['{%s}EncryptedAttribute' % NAMESPACE] = ( 'encrypted_attribute', [EncryptedAttribute]) c_child_order = ['attribute', 'encrypted_attribute'] @@ -908,7 +906,7 @@ class Action(SamlBase): for which permission is sought.""" c_tag = 'Action' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['Namespace'] = 'namespace' 
@@ -943,16 +941,16 @@ class Evidence(SamlBase): the authorization decision.""" c_tag = 'Evidence' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() - c_children['{%s}AssertionIDRef' % SAML_NAMESPACE] = ('assertion_id_ref', + c_children['{%s}AssertionIDRef' % NAMESPACE] = ('assertion_id_ref', [AssertionIDRef]) - c_children['{%s}AssertionURIRef' % SAML_NAMESPACE] = ('assertion_uri_ref', + c_children['{%s}AssertionURIRef' % NAMESPACE] = ('assertion_uri_ref', [AssertionURIRef]) - c_children['{%s}EncryptedAssertion' % SAML_NAMESPACE] = ( + c_children['{%s}EncryptedAssertion' % NAMESPACE] = ( 'encrypted_assertion', [EncryptedAssertion]) - c_child_order = ['assertion_id_ref', 'assertion_uri_ref', + c_child_order = ['assertion_id_ref', 'assertion_uri_ref', 'assertion', 'encrypted_assertion'] def __init__(self, assertion_id_ref=None, assertion_uri_ref=None, @@ -992,14 +990,14 @@ class AuthzDecisionStatement(Statement): decision on the basis of some optionally specified evidence.""" c_tag = 'AuthzDecisionStatement' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = Statement.c_children.copy() c_attributes = Statement.c_attributes.copy() c_attributes['Resource'] = 'resource' c_attributes['Decision'] = 'decision' - c_children['{%s}Action' % SAML_NAMESPACE] = ('action', [Action]) - c_children['{%s}Evidence' % SAML_NAMESPACE] = ('evidence', [Evidence]) + c_children['{%s}Action' % NAMESPACE] = ('action', [Action]) + c_children['{%s}Evidence' % NAMESPACE] = ('evidence', [Evidence]) c_child_order = ['action', 'evidence'] def __init__(self, resource=None, decision=None, action=None, 
@@ -1041,23 +1039,23 @@ def authz_decision_statement_from_string(xml_string): class Assertion(SamlBase): """The saml:Assertion element""" c_tag = 'Assertion' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['Version'] = 'version' c_attributes['ID'] = 'identifier' c_attributes['IssueInstant'] = 'issue_instant' - c_children['{%s}Issuer' % SAML_NAMESPACE] = ('issuer', Issuer) - c_children['{%s}Signature' % ds.DS_NAMESPACE] = ('signature', ds.Signature) - c_children['{%s}Subject' % SAML_NAMESPACE] = ('subject', Subject) - c_children['{%s}Conditions' % SAML_NAMESPACE] = ('conditions', Conditions) - #c_children['{%s}Advice' % SAML_NAMESPACE] = ('advice', Advice) - c_children['{%s}Statement' % SAML_NAMESPACE] = ('statement', [Statement]) - c_children['{%s}AuthnStatement' % SAML_NAMESPACE] = ( + c_children['{%s}Issuer' % NAMESPACE] = ('issuer', Issuer) + c_children['{%s}Signature' % ds.NAMESPACE] = ('signature', ds.Signature) + c_children['{%s}Subject' % NAMESPACE] = ('subject', Subject) + c_children['{%s}Conditions' % NAMESPACE] = ('conditions', Conditions) + #c_children['{%s}Advice' % NAMESPACE] = ('advice', Advice) + c_children['{%s}Statement' % NAMESPACE] = ('statement', [Statement]) + c_children['{%s}AuthnStatement' % NAMESPACE] = ( 'authn_statement', [AuthnStatement]) - c_children['{%s}AuthzDecisionStatement' % SAML_NAMESPACE] = ( + c_children['{%s}AuthzDecisionStatement' % NAMESPACE] = ( 'authz_decision_statement', [AuthzDecisionStatement]) - c_children['{%s}AttributeStatement' % SAML_NAMESPACE] = ( + c_children['{%s}AttributeStatement' % NAMESPACE] = ( 'attribute_statement', [AttributeStatement]) c_child_order = ['issuer', 'signature', 'subject', 'conditions', 'advice', 'statement', 'authn_statement', 'authz_decision_statement', 
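Review bot: The commented-out line `#c_children['{%s}Advice' % NAMESPACE] = ('advice', Advice)` survives the cleanup even though the real registration happens at the end of the module after `class Advice` is defined, and `'advice'` already sits in `c_child_order` here; a reader of this class cannot tell that from the dead line. Replace it with an explanatory comment, e.g. `# 'advice' is registered after class Advice is defined (see end of module)`, so the forward reference is documented rather than left as commented code.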
@@ -1124,7 +1122,7 @@ def assertion_from_string(xml_string): """ Create Assertion instance from an XML string """ return saml2.create_class_from_xml_string(Assertion, xml_string) -Evidence.c_children['{%s}Assertion' % SAML_NAMESPACE] = ( +Evidence.c_children['{%s}Assertion' % NAMESPACE] = ( 'assertion', [Assertion]) # --------------------------------------------------------------------------- @@ -1136,18 +1134,18 @@ class Advice(SamlBase): SAML authority wishes to provide.""" c_tag = 'Advice' - c_namespace = SAML_NAMESPACE + c_namespace = NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() - c_children['{%s}AssertionIDRef' % SAML_NAMESPACE] = ('assertion_id_ref', + c_children['{%s}AssertionIDRef' % NAMESPACE] = ('assertion_id_ref', [AssertionIDRef]) - c_children['{%s}AssertionURIRef' % SAML_NAMESPACE] = ('assertion_uri_ref', + c_children['{%s}AssertionURIRef' % NAMESPACE] = ('assertion_uri_ref', [AssertionURIRef]) - c_children['{%s}Assertion' % SAML_NAMESPACE] = ('assertion', [Assertion]) - c_children['{%s}EncryptedAssertion' % SAML_NAMESPACE] = ( + c_children['{%s}Assertion' % NAMESPACE] = ('assertion', [Assertion]) + c_children['{%s}EncryptedAssertion' % NAMESPACE] = ( 'encrypted_assertion', [EncryptedAssertion]) c_child_order = ['assertion_id_ref', 'assertion_uri_ref', - 'statement', 'encrypted_assertion'] + 'assertion', 'encrypted_assertion'] def __init__(self, assertion_id_ref=None, assertion_uri_ref=None, assertion=None, encrypted_assertion=None, text=None, 
@@ -1174,4 +1172,41 @@ def advice_from_string(xml_string): """ Create Advice instance from an XML string """ return saml2.create_class_from_xml_string(Advice, xml_string) -Assertion.c_children['{%s}Advice' % SAML_NAMESPACE] = ('advice', Advice) +Assertion.c_children['{%s}Advice' % NAMESPACE] = ('advice', Advice) +Evidence.c_children['{%s}Assertion' % NAMESPACE] = ('assertion', [Assertion]) + +ELEMENT_FROM_STRING = { + BaseID.c_tag: base_id_from_string, + NameID.c_tag: name_id_from_string, + EncryptedID.c_tag: encrypted_id_from_string, + Issuer.c_tag: issuer_from_string, + AssertionIDRef.c_tag: assertion_id_ref_from_string, + AssertionURIRef.c_tag: assertion_uri_ref_from_string, + EncryptedAssertion.c_tag: encrypted_assertion_from_string, + SubjectConfirmationData.c_tag: subject_confirmation_data_from_string, + SubjectConfirmation.c_tag: subject_confirmation_from_string, + Subject.c_tag: subject_from_string, + Condition.c_tag: condition_from_string, + Audience.c_tag: audience_from_string, + AudienceRestriction.c_tag: audience_restriction_from_string, + OneTimeUse.c_tag: one_time_use_from_string, + ProxyRestriction.c_tag: proxy_restriction_from_string, + Conditions.c_tag: conditions_from_string, + Statement.c_tag: statement_from_string, + SubjectLocality.c_tag: subject_locality_from_string, + AuthnContextClassRef.c_tag: authn_context_class_ref_from_string, + AuthnContextDeclRef.c_tag: authn_context_decl_ref_from_string, + AuthnContextDecl.c_tag: authn_context_decl_from_string, + AuthenticatingAuthority.c_tag: authenticating_authority_from_string, + AuthnContext.c_tag: authn_context_from_string, + AuthnStatement(Statement): authn_statement_from_string, + AttributeValue.c_tag: attribute_value_from_string, + EncryptedAttribute.c_tag: encrypted_attribute_from_string, + Attribute.c_tag: attribute_from_string, + AttributeStatement(Statement): attribute_statement_from_string, + Action.c_tag: action_from_string, + Evidence.c_tag: evidence_from_string, + 
AuthzDecisionStatement(Statement): authz_decision_statement_from_string, + Assertion.c_tag: assertion_from_string, + Advice.c_tag: advice_from_string, +} \ No newline at end of file diff --git a/src/saml2/samlp.py b/src/saml2/samlp.py index b4cfdad..caff3e3 100644 --- a/src/saml2/samlp.py +++ b/src/saml2/samlp.py @@ -93,18 +93,18 @@ class AbstractRequest(SamlBase): c_attributes['IssueInstant'] = 'issue_instant' c_attributes['Destination'] = 'destination' c_attributes['Consent'] = 'consent' - c_children['{%s}Issuer' % saml.SAML_NAMESPACE] = ('issuer', saml.Issuer) - c_children['{%s}Signature' % ds.DS_NAMESPACE] = ('signature', ds.Signature) + c_children['{%s}Issuer' % saml.NAMESPACE] = ('issuer', saml.Issuer) + c_children['{%s}Signature' % ds.NAMESPACE] = ('signature', ds.Signature) c_children['{%s}Extensions' % SAMLP_NAMESPACE] = ('extensions', Extensions) c_child_order = ['issuer', 'signature', 'extensions'] - def __init__(self, identifier=None, version=None, issue_instant=None, + def __init__(self, id=None, version=None, issue_instant=None, destination=None, consent=None, issuer=None, signature=None, extensions=None, text=None, extension_elements=None, extension_attributes=None): """Constructor for AbstractRequest - :param identifier: ID attribute + :param id: ID attribute :param version: Version attribute :param issue_instant: IssueInstant attribute :param destination: Destination attribute @@ -117,7 +117,7 @@ class AbstractRequest(SamlBase): :param extension_attributes: A dictionary of attribute value string pairs """ SamlBase.__init__(self, text, extension_elements, extension_attributes) - self.id = identifier + self.id = id self.version = version self.issue_instant = issue_instant self.destination = destination 
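Review bot: Three keys of the new `ELEMENT_FROM_STRING` table are written as `AuthnStatement(Statement)`, `AttributeStatement(Statement)` and `AuthzDecisionStatement(Statement)`, which call the constructors with the `Statement` class as their first positional argument and use the resulting instances as dictionary keys instead of the tag strings; a lookup by `c_tag` for those three statement types therefore misses, and a caller that catches the `KeyError` will silently get no parser for exactly the elements that carry authentication, attribute and authorization data. The intended lines are `AuthnStatement.c_tag: authn_statement_from_string,`, `AttributeStatement.c_tag: attribute_statement_from_string,` and `AuthzDecisionStatement.c_tag: authz_decision_statement_from_string,`. The added `Evidence.c_children['{%s}Assertion' % NAMESPACE] = ('assertion', [Assertion])` also duplicates the identical registration that already follows `assertion_from_string` in the `@@ -1124` hunk. This hunk begins on the previous line.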
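Review bot: Renaming the constructor parameter `identifier` to `id` in `AbstractRequest.__init__` shadows the `id` builtin inside the method (pylint's redefined-builtin warning, which sits oddly in a pylint cleanup) and breaks any caller that passed `identifier=` by keyword, while the attribute can keep its name regardless of what the parameter is called. If the rename is wanted for symmetry with `self.id`, `id_=None` with `self.id = id_` avoids both problems; otherwise keeping `identifier` and `self.id = identifier` is backward compatible. The same rename is made in the `StatusResponse`, `AssertionIDRequest`, `SubjectQuery`, `AuthnQuery`, `AttributeQuery`, `AuthzDecisionQuery`, `Response`, `AuthnRequest`, `ManageNameIDRequest`, `LogoutRequest`, `NameIDMappingRequest` and `NameIDMappingResponse` hunks that follow.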
@@ -250,23 +250,23 @@ class StatusResponse(SamlBase): c_attributes['IssueInstant'] = 'issue_instant' c_attributes['Destination'] = 'destination' c_attributes['Consent'] = 'consent' - c_children['{%s}Issuer' % saml.SAML_NAMESPACE] = ( + c_children['{%s}Issuer' % saml.NAMESPACE] = ( 'issuer', saml.Issuer) - c_children['{%s}Signature' % ds.DS_NAMESPACE] = ( + c_children['{%s}Signature' % ds.NAMESPACE] = ( 'signature', ds.Signature) c_children['{%s}Extensions' % SAMLP_NAMESPACE] = ( 'extensions', Extensions) c_children['{%s}Status' % SAMLP_NAMESPACE] = ('status', Status) c_child_order = ['issuer', 'signature', 'extensions', 'status'] - def __init__(self, identifier=None, in_response_to=None, version=None, + def __init__(self, id=None, in_response_to=None, version=None, issue_instant=None, destination=None, consent=None, issuer=None, signature=None, extensions=None, status=None, text=None, extension_elements=None, extension_attributes=None): """Constructor for StatusResponse - :param identifier: ID attribute + :param id: ID attribute :param in_respones_to: InResponseTo attribute :param version: Version attribute :param issue_instant: IssueInstant attribute @@ -284,7 +284,7 @@ class StatusResponse(SamlBase): SamlBase.__init__(self, text, extension_elements, extension_attributes) - self.id = identifier + self.id = id self.in_response_to = in_response_to self.version = version self.issue_instant = issue_instant 
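Review bot: The `StatusResponse.__init__` docstring is touched for the `id` rename but keeps the misspelt entry `:param in_respones_to: InResponseTo attribute`, which no longer matches the `in_response_to` parameter on the line above it; change it to `:param in_response_to: InResponseTo attribute`. The same typo is present in the `Response` (`@@ -627`) and `NameIDMappingResponse` (`@@ -1201`) constructor docstrings.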
@@ -313,14 +313,14 @@ class AssertionIDRequest(AbstractRequest): c_attributes = AbstractRequest.c_attributes.copy() c_attributes["AssertionIDRef"] = 'assertion_id_ref' - def __init__(self, identifier=None, version=None, issue_instant=None, + def __init__(self, id=None, version=None, issue_instant=None, destination=None, consent=None, issuer=None, signature=None, extensions=None, assertion_id_ref=None, text=None, extension_elements=None, extension_attributes=None): """Constructor for AssertionIDRequest - :param identifier: ID attribute + :param id: ID attribute :param version: Version attribute :param issue_instant: IssueInstant attribute :param destination: Destination attribute @@ -335,7 +335,7 @@ class AssertionIDRequest(AbstractRequest): string pairs """ - AbstractRequest.__init__(self, identifier, version, issue_instant, + AbstractRequest.__init__(self, id, version, issue_instant, destination, consent, issuer, signature, extensions, text, extension_elements, extension_attributes) @@ -357,17 +357,17 @@ class SubjectQuery(AbstractRequest): c_namespace = SAMLP_NAMESPACE c_children = AbstractRequest.c_children.copy() c_attributes = AbstractRequest.c_attributes.copy() - c_children['{%s}Subject' % saml.SAML_NAMESPACE] = ( + c_children['{%s}Subject' % saml.NAMESPACE] = ( 'subject', saml.Subject) - def __init__(self, identifier=None, version=None, issue_instant=None, + def __init__(self, id=None, version=None, issue_instant=None, destination=None, consent=None, issuer=None, signature=None, extensions=None, subject=None, text=None, extension_elements=None, extension_attributes=None): """Constructor for SubjectQuery - :param identifier: ID attribute + :param id: ID attribute :param version: Version attribute :param issue_instant: IssueInstant attribute :param destination: Destination attribute 
@@ -382,7 +382,7 @@ class SubjectQuery(AbstractRequest): string pairs """ - AbstractRequest.__init__(self, identifier, version, issue_instant, + AbstractRequest.__init__(self, id, version, issue_instant, destination, consent, issuer, signature, extensions, text, extension_elements, extension_attributes) @@ -421,14 +421,14 @@ class AuthnQuery(SubjectQuery): c_attributes = SubjectQuery.c_attributes.copy() c_attributes['SessionIndex'] = 'session_index' - def __init__(self, identifier=None, version=None, issue_instant=None, + def __init__(self, id=None, version=None, issue_instant=None, destination=None, consent=None, issuer=None, signature=None, extensions=None, subject=None, text=None, extension_elements=None, extension_attributes=None): """Constructor for SubjectQuery - :param identifier: ID attribute + :param id: ID attribute :param version: Version attribute :param issue_instant: IssueInstant attribute :param destination: Destination attribute @@ -443,7 +443,7 @@ class AuthnQuery(SubjectQuery): string pairs """ - SubjectQuery.__init__(self, identifier, version, issue_instant, + SubjectQuery.__init__(self, id, version, issue_instant, destination, consent, issuer, signature, extensions, text, extension_elements, extension_attributes) @@ -466,9 +466,9 @@ class RequestedAuthnContext(SamlBase): c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() c_attributes['Comparison'] = 'comparison' - c_children['{%s}AuthnContextClassRef' % saml.SAML_NAMESPACE] = ( + c_children['{%s}AuthnContextClassRef' % saml.NAMESPACE] = ( 'authn_context_class_ref', [saml.AuthnContextClassRef]) - c_children['{%s}AuthnContextDeclRef' % saml.SAML_NAMESPACE] = ( + c_children['{%s}AuthnContextDeclRef' % saml.NAMESPACE] = ( 'authn_context_decl_ref', [saml.AuthnContextDeclRef]) def __init__(self, comparison=None, authn_context_class_ref=None, 
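Review bot: The `AuthnQuery.__init__` docstring in the `@@ -421` hunk still reads `"""Constructor for SubjectQuery`; it should say `"""Constructor for AuthnQuery`. In the same hunk the class registers `c_attributes['SessionIndex'] = 'session_index'` but the constructor exposes no `session_index` parameter, so the attribute can only be set after construction; if that is unintended, adding `session_index=None` after `subject=None` and `self.session_index = session_index` would match the other query classes — the rest of the `__init__` body is outside the hunk, so I cannot tell whether the attribute is initialised there.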
@@ -504,17 +504,17 @@ class AttributeQuery(SubjectQuery): c_namespace = SAMLP_NAMESPACE c_children = SubjectQuery.c_children.copy() c_attributes = SubjectQuery.c_attributes.copy() - c_children['{%s}Attribute' % saml.SAML_NAMESPACE] = ( + c_children['{%s}Attribute' % saml.NAMESPACE] = ( 'attribute', saml.Attribute) - def __init__(self, identifier=None, version=None, issue_instant=None, + def __init__(self, id=None, version=None, issue_instant=None, destination=None, consent=None, issuer=None, signature=None, extensions=None, subject=None, attribute=None, text=None, extension_elements=None, extension_attributes=None): """Constructor for AttributeQuery - :param identifier: ID attribute + :param id: ID attribute :param version: Version attribute :param issue_instant: IssueInstant attribute :param destination: Destination attribute @@ -531,7 +531,7 @@ class AttributeQuery(SubjectQuery): string pairs """ - SubjectQuery.__init__(self, identifier, version, issue_instant, + SubjectQuery.__init__(self, id, version, issue_instant, destination, consent, issuer, signature, extensions, subject, text, extension_elements, extension_attributes) @@ -548,13 +548,13 @@ class Resource(SamlBase): """The saml:Resource element""" c_tag = 'Resource' - c_namespace = saml.SAML_NAMESPACE + c_namespace = saml.NAMESPACE c_children = SamlBase.c_children.copy() c_attributes = SamlBase.c_attributes.copy() def resource_from_string(xml_string): """ Create Resource instance from an XML string """ - return saml2.create_class_from_xml_string(Resource, xml_string) + return create_class_from_xml_string(Resource, xml_string) # -------------------------------------------------------------------------- # 3.3.2.4 AuthzDecisionQuery 
@@ -567,15 +567,15 @@ class AuthzDecisionQuery(SubjectQuery): c_namespace = SAMLP_NAMESPACE c_children = SubjectQuery.c_children.copy() c_attributes = SubjectQuery.c_attributes.copy() - c_children['{%s}Resource' % saml.SAML_NAMESPACE] = ( + c_children['{%s}Resource' % saml.NAMESPACE] = ( 'resource', Resource) - c_children['{%s}Action' % saml.SAML_NAMESPACE] = ( + c_children['{%s}Action' % saml.NAMESPACE] = ( 'action', saml.Action) - c_children['{%s}Evidence' % saml.SAML_NAMESPACE] = ( + c_children['{%s}Evidence' % saml.NAMESPACE] = ( 'evidence', saml.Evidence) c_child_order = ['action', 'evidence', 'resource'] - def __init__(self, identifier=None, version=None, issue_instant=None, + def __init__(self, id=None, version=None, issue_instant=None, destination=None, consent=None, issuer=None, signature=None, extensions=None, subject=None, resource=None, action=None, evidence=None, @@ -583,7 +583,7 @@ class AuthzDecisionQuery(SubjectQuery): extension_attributes=None): """Constructor for AuthzDecisionQuery - :param identifier: ID attribute + :param id: ID attribute :param version: Version attribute :param issue_instant: IssueInstant attribute :param destination: Destination attribute @@ -603,7 +603,7 @@ class AuthzDecisionQuery(SubjectQuery): string pairs """ - SubjectQuery.__init__(self, identifier, version, issue_instant, + SubjectQuery.__init__(self, id, version, issue_instant, destination, consent, issuer, signature, extensions, subject, text, extension_elements, extension_attributes) 
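Review bot: `AuthzDecisionQuery` keeps `Resource` registered as a child element in the assertion namespace (`c_children['{%s}Resource' % saml.NAMESPACE]`) and the `Resource` class in the previous hunk is documented as `saml:Resource`, yet as far as I recall SAML 2.0 core §3.3.2.4, `Resource` is a required URI attribute of the query (with `Action` and `Evidence` as its only children), and the assertion schema defines no `Resource` element; a query serialised this way would not validate at a peer, and `resource=None` in this constructor would then hold an element rather than a string. Worth checking against the schema before more code relies on it — if it is an attribute, `c_attributes['Resource'] = 'resource'` replaces the child registration and the `Resource` class. The `__init__` body continues outside the hunk.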
@@ -612,9 +612,9 @@ class AuthzDecisionQuery(SubjectQuery): self.action = action or [] self.evidence = evidence -def attribute_query_from_string(xml_string): - """ Create AttributeQuery instance from an XML string """ - return create_class_from_xml_string(AttributeQuery, xml_string) +def authz_decision_query_from_string(xml_string): + """ Create AuthzDecisionQuery instance from an XML string """ + return create_class_from_xml_string(AuthzDecisionQuery, xml_string) # ========================================================================== # 3.3.3 Response @@ -627,21 +627,21 @@ class Response(StatusResponse): c_namespace = SAMLP_NAMESPACE c_children = StatusResponse.c_children.copy() c_attributes = StatusResponse.c_attributes.copy() - c_children['{%s}Assertion' % saml.SAML_NAMESPACE] = ( + c_children['{%s}Assertion' % saml.NAMESPACE] = ( 'assertion', [saml.Assertion]) - c_children['{%s}EncryptedAssertion' % saml.SAML_NAMESPACE] = ( + c_children['{%s}EncryptedAssertion' % saml.NAMESPACE] = ( 'encrypted_assertion', [saml.EncryptedAssertion]) c_child_order = ['issuer', 'signature', 'extensions', 'status', 'assertion', 'encrypted_assertion'] - def __init__(self, identifier=None, in_response_to=None, version=None, + def __init__(self, id=None, in_response_to=None, version=None, issue_instant=None, destination=None, consent=None, issuer=None, signature=None, extensions=None, status=None, assertion=None, encrypted_assertion=None, text=None, extension_elements=None, extension_attributes=None): """Constructor for Response - :param identifier: ID attribute + :param id: ID attribute :param in_respones_to: InResponseTo attribute :param version: Version attribute :param issue_instant: IssueInstant attribute 
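Review bot: Turning the helper after `AuthzDecisionQuery` into `authz_decision_query_from_string` fixes an obvious copy-paste, but the diff shows no other definition of `attribute_query_from_string`, and the region after `class AttributeQuery` is not part of this patch; if this was the module's only `attribute_query_from_string`, existing callers lose it without any deprecation. Please confirm one still exists next to `AttributeQuery`, or add `def attribute_query_from_string(xml_string): return create_class_from_xml_string(AttributeQuery, xml_string)` there.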
@@ -657,7 +657,7 @@ class Response(StatusResponse): :param extension_elements: A list of ExtensionElement instances :param extension_attributes: A dictionary of attribute value string pairs """ - StatusResponse.__init__(self, identifier, in_response_to, + StatusResponse.__init__(self, id, in_response_to, version, issue_instant, destination, consent, issuer, signature, @@ -864,10 +864,10 @@ class AuthnRequest(AbstractRequest): c_attributes['AssertionConsumingServiceIndex'] = \ 'assertion_consuming_service_index' c_attributes['ProviderName'] = 'provider_name' - c_children['{%s}Subject' % saml.SAML_NAMESPACE] = ('subject', saml.Subject) + c_children['{%s}Subject' % saml.NAMESPACE] = ('subject', saml.Subject) c_children['{%s}NameIDPolicy' % SAMLP_NAMESPACE] = ( 'name_id_policy', NameIDPolicy) - c_children['{%s}Conditions' % saml.SAML_NAMESPACE] = ( + c_children['{%s}Conditions' % saml.NAMESPACE] = ( 'conditions', saml.Conditions) c_children['{%s}RequestedAuthnContext' % SAMLP_NAMESPACE] = ( 'requested_authn_context', RequestedAuthnContext) @@ -876,7 +876,7 @@ class AuthnRequest(AbstractRequest): 'name_id_policy', 'conditions', 'requested_authn_context', 'scoping'] - def __init__(self, identifier=None, version=None, issue_instant=None, + def __init__(self, id=None, version=None, issue_instant=None, destination=None, consent=None, issuer=None, signature=None, extensions=None, subject=None, name_id_policy=None, conditions=None, requested_authn_context=None, scoping=None, @@ -888,7 +888,7 @@ class AuthnRequest(AbstractRequest): extension_elements=None, extension_attributes=None): """Constructor for AuthnRequest - :param identifier: ID attribute + :param id: ID attribute :param version: Version attribute :param issue_instant: IssueInstant attribute :param destination: Destination attribute 
@@ -916,7 +916,7 @@ class AuthnRequest(AbstractRequest): :param extension_attributes: A dictionary of attribute value string pairs """ - AbstractRequest.__init__(self, identifier, version, issue_instant, + AbstractRequest.__init__(self, id, version, issue_instant, destination, consent, issuer, signature, extensions, text, extension_elements, extension_attributes) @@ -970,7 +970,7 @@ def terminate_from_string(xml_string): class ManageNameIDRequest(AbstractRequest): """The samlp:NameIDMappingRequest element - To request an alternate name identifier for a principal from an identity + To request an alternate name id for a principal from an identity provider, a requester sends an NameIDMappingRequest message """ 
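Review bot: The `ManageNameIDRequest` class docstring in the `@@ -970` hunk still opens with `"""The samlp:NameIDMappingRequest element` and describes the name-mapping request; the hunk rewords that text without correcting the element name. It should read `"""The samlp:ManageNameIDRequest element` and describe what the class's own children express (`new_id`, `new_encrypted_id`, `terminate`: changing or terminating a name identifier). The blanket `identifier` → `id` replacement also turned the prose phrase "name identifier" into "name id" here and in the `NameIDMappingRequest` docstring (`@@ -1133`); "name identifier" is the specification's term and should stay in prose even if the parameter is renamed.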
@@ -979,25 +979,31 @@ class ManageNameIDRequest(AbstractRequest): c_children = AbstractRequest.c_children.copy() c_attributes = AbstractRequest.c_attributes.copy() c_attributes["NewID"] = "new_id" - c_children['{%s}NameID' % saml.SAML_NAMESPACE] = ('name_id', saml.NameID) - c_children['{%s}EncryptedID' % saml.SAML_NAMESPACE] = ( + c_children['{%s}NameID' % saml.NAMESPACE] = ('name_id', saml.NameID) + c_children['{%s}EncryptedID' % saml.NAMESPACE] = ( 'encrypted_id', saml.EncryptedID) - c_children['{%s}NewEncryptedID' % saml.SAML_NAMESPACE] = ( + c_children['{%s}NewEncryptedID' % saml.NAMESPACE] = ( 'new_encrypted_id', saml.EncryptedID) c_children['{%s}Terminate' % SAMLP_NAMESPACE] = ( 'terminate', Terminate) c_child_order = ['name_id', 'encrypted_id', 'new_id', 'new_encrypted_id', 'terminate'] - def __init__(self, identifier=None, version=None, issue_instant=None, + def __init__(self, new_id=None, name_id=None, encrypted_id=None, + new_encrypted_id=None, terminate=None, + id=None, version=None, issue_instant=None, destination=None, consent=None, issuer=None, signature=None, - extensions=None, - base_id=None, name_id=None, encrypted_id=None, - name_id_policy=None, text=None, + extensions=None, name_id_policy=None, text=None, extension_elements=None, extension_attributes=None): """Constructor for ManageNameIDRequest - :param identifier: ID attribute + :param new_id: The new id value + :param name_id: NameID element + :param encrypted_id: EncryptedID element + :param new_encrypted_id: + :param terminate: + + :param id: ID attribute :param version: Version attribute :param issue_instant: IssueInstant attribute :param destination: Destination attribute 
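Review bot: Moving `new_id`, `name_id`, `encrypted_id`, `new_encrypted_id` and `terminate` in front of `id` in `ManageNameIDRequest.__init__` changes the positional interface: any caller that passed the request ID as the first positional argument now silently sets `new_id` and leaves `self.id` unset. Keeping the inherited parameters first (`id, version, issue_instant, …`, as every other `AbstractRequest` subclass in this diff does) and appending the new ones at the end preserves compatibility; the same reordering is made for `NameIDMappingRequest` (`@@ -1141`) and `NameIDMappingResponse` (`@@ -1201`). The docstring entries `:param new_encrypted_id:` and `:param terminate:` are also left empty — `:param new_encrypted_id: NewEncryptedID element` and `:param terminate: Terminate element` match the `c_children` mapping above.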
@@ -1005,25 +1011,19 @@ class ManageNameIDRequest(AbstractRequest): :param issuer: Issuer element :param signature: Signature element :param extensions: Extensions element - :param name_id: NameID element - :param encrypted_id: EncryptedID element - :param new_id: The new identifier value - :param new_encrypted_id: - :param terminate: :param text: The text data in the this element :param extension_elements: A list of ExtensionElement instances :param extension_attributes: A dictionary of attribute value string pairs """ - AbstractRequest.__init__(self, identifier, version, issue_instant, + AbstractRequest.__init__(self, id, version, issue_instant, destination, consent, issuer, signature, extensions, text, extension_elements, extension_attributes) - self.not_on_or_after = not_on_or_after - self.reason = reason - self.base_id = base_id + self.new_id = new_id self.name_id = name_id self.encrypted_id = encrypted_id - self.session_index = session_index + self.new_encrypted_id = new_encrypted_id + self.terminate = terminate def manage_name_id_request_from_string(xml_string): """ Create ManageNameIDRequest instance from an XML string """ 
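Review bot: `name_id_policy` is still accepted by the signature in the previous hunk (`extensions=None, name_id_policy=None, text=None,`) but nothing in this body stores it, and `ManageNameIDRequest.c_children` registers no `NameIDPolicy` child, so the argument is silently discarded. Either drop the parameter or, if the element is actually allowed here, add a `c_children['{%s}NameIDPolicy' % SAMLP_NAMESPACE] = ('name_id_policy', NameIDPolicy)` registration and `self.name_id_policy = name_id_policy` alongside the other assignments.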
@@ -1060,16 +1060,16 @@ class LogoutRequest(AbstractRequest): c_attributes = AbstractRequest.c_attributes.copy() c_attributes['NotOnOrAfter'] = 'not_on_or_after' c_attributes['Reason'] = 'reason' - c_children['{%s}BaseID' % saml.SAML_NAMESPACE] = ('base_id', saml.BaseID) - c_children['{%s}NameID' % saml.SAML_NAMESPACE] = ('name_id', saml.NameID) - c_children['{%s}EncryptedID' % saml.SAML_NAMESPACE] = ( + c_children['{%s}BaseID' % saml.NAMESPACE] = ('base_id', saml.BaseID) + c_children['{%s}NameID' % saml.NAMESPACE] = ('name_id', saml.NameID) + c_children['{%s}EncryptedID' % saml.NAMESPACE] = ( 'encrypted_id', saml.EncryptedID) c_children['{%s}SessionIndex' % SAMLP_NAMESPACE] = ( 'session_index', SessionIndex) c_child_order = ['issuer', 'signature', 'extensions', 'base_id', 'name_id', 'encrypted_id', 'session_index'] - def __init__(self, identifier=None, version=None, issue_instant=None, + def __init__(self, id=None, version=None, issue_instant=None, destination=None, consent=None, issuer=None, signature=None, extensions=None, not_on_or_after=None, reason=None, base_id=None, name_id=None, encrypted_id=None, @@ -1077,7 +1077,7 @@ class LogoutRequest(AbstractRequest): extension_elements=None, extension_attributes=None): """Constructor for LogoutRequest - :param identifier: ID attribute + :param id: ID attribute :param version: Version attribute :param issue_instant: IssueInstant attribute :param destination: Destination attribute @@ -1095,7 +1095,7 @@ class LogoutRequest(AbstractRequest): :param extension_elements: A list of ExtensionElement instances :param extension_attributes: A dictionary of attribute value string pairs """ - AbstractRequest.__init__(self, identifier, version, issue_instant, + AbstractRequest.__init__(self, id, version, issue_instant, destination, consent, issuer, signature, extensions, text, extension_elements, extension_attributes) 
@@ -1133,7 +1133,7 @@ def logout_response_from_string(xml_string): class NameIDMappingRequest(AbstractRequest): """The samlp:NameIDMappingRequest element - To request an alternate name identifier for a principal from an identity + To request an alternate name id for a principal from an identity provider, a requester sends an NameIDMappingRequest message """ 
@@ -1141,23 +1141,29 @@ class NameIDMappingRequest(AbstractRequest): c_namespace = SAMLP_NAMESPACE c_children = AbstractRequest.c_children.copy() c_attributes = AbstractRequest.c_attributes.copy() - c_children['{%s}BaseID' % saml.SAML_NAMESPACE] = ('base_id', saml.BaseID) - c_children['{%s}NameID' % saml.SAML_NAMESPACE] = ('name_id', saml.NameID) - c_children['{%s}EncryptedID' % saml.SAML_NAMESPACE] = ( + c_children['{%s}BaseID' % saml.NAMESPACE] = ('base_id', saml.BaseID) + c_children['{%s}NameID' % saml.NAMESPACE] = ('name_id', saml.NameID) + c_children['{%s}EncryptedID' % saml.NAMESPACE] = ( 'encrypted_id', saml.EncryptedID) c_children['{%s}NameIDPolicy' % SAMLP_NAMESPACE] = ( 'name_id_policy', NameIDPolicy) c_child_order = ['base_id', 'name_id', 'encrypted_id', 'name_id_policy'] - def __init__(self, identifier=None, version=None, issue_instant=None, + def __init__(self, base_id=None, name_id=None, encrypted_id=None, + name_id_policy=None, + id=None, version=None, issue_instant=None, destination=None, consent=None, issuer=None, signature=None, extensions=None, - base_id=None, name_id=None, encrypted_id=None, - name_id_policy=None, text=None, + text=None, extension_elements=None, extension_attributes=None): """Constructor for LogoutRequest - :param identifier: ID attribute + :param base_id: BaseID element + :param name_id: NameID element + :param encrypted_id: EncryptedID element + :param name_id_policy: The requirements regarding the format and + optional name qualifier for the id to be returned. + :param id: ID attribute :param version: Version attribute :param issue_instant: IssueInstant attribute :param destination: Destination attribute 
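Review bot: The constructor docstring in this hunk still reads `"""Constructor for LogoutRequest` although it documents `NameIDMappingRequest.__init__`; change it to `"""Constructor for NameIDMappingRequest`. The `__init__` body continues in the next hunk (`@@ -1165`).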
@@ -1165,25 +1171,18 @@ class NameIDMappingRequest(AbstractRequest): :param issuer: Issuer element :param signature: Signature element :param extensions: Extensions element - :param base_id: BaseID element - :param name_id: NameID element - :param encrypted_id: EncryptedID element - :param name_id_policy: The requirements regarding the format and - optional name qualifier for the identifier to be returned. :param text: The text data in the this element :param extension_elements: A list of ExtensionElement instances :param extension_attributes: A dictionary of attribute value string pairs """ - AbstractRequest.__init__(self, identifier, version, issue_instant, + AbstractRequest.__init__(self, id, version, issue_instant, destination, consent, issuer, signature, extensions, text, extension_elements, extension_attributes) - self.not_on_or_after = not_on_or_after - self.reason = reason self.base_id = base_id self.name_id = name_id self.encrypted_id = encrypted_id - self.session_index = session_index + self.name_id_policy = name_id_policy def name_id_mapping_request_from_string(xml_string): """ Create NameIDMappingRequest instance from an XML string """ 
@@ -1201,21 +1200,24 @@ class NameIDMappingResponse(StatusResponse): c_namespace = SAMLP_NAMESPACE c_children = StatusResponse.c_children.copy() c_attributes = StatusResponse.c_attributes.copy() - c_children['{%s}NameID' % saml.SAML_NAMESPACE] = ( + c_children['{%s}NameID' % saml.NAMESPACE] = ( 'name_id', saml.NameID) - c_children['{%s}EncryptedID' % saml.SAML_NAMESPACE] = ( + c_children['{%s}EncryptedID' % saml.NAMESPACE] = ( 'encrypted_id', saml.EncryptedID) c_child_order = ['name_id', 'encrypted_id'] - def __init__(self, identifier=None, in_response_to=None, + def __init__(self, name_id=None, encrypted_id=None, + id=None, in_response_to=None, version=None, issue_instant=None, destination=None, consent=None, issuer=None, signature=None, extensions=None, status=None, - base_id=None, name_id=None, text=None, + text=None, extension_elements=None, extension_attributes=None): """Constructor for NameIDMappingResponse - :param identifier: ID attribute + :param name_id: The id + :param encrypted_id: associated descriptive data + :param id: ID attribute :param in_respones_to: InResponseTo attribute :param version: Version attribute :param issue_instant: IssueInstant attribute 
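Review bot: The two new docstring entries are wrong: `:param name_id: The id` is vague and `:param encrypted_id: associated descriptive data` is the old `base_id` text reattached to a different parameter. Match the wording used for NameIDMappingRequest — `:param name_id: NameID element` and `:param encrypted_id: EncryptedID element`. While in this docstring, the context line `:param in_respones_to:` has a typo for `in_response_to`. As with the request class, `name_id` now precedes `id` positionally, so a positional ID argument would be bound to `name_id` without error. The body continues in the next hunk.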
@@ -1225,22 +1227,18 @@ class NameIDMappingResponse(StatusResponse): :param signature: Signature element :param extensions: Extensions element :param status: Status element - :param base_id: associated descriptive data - :param name_id: The identifier :param text: The text data in the this element :param extension_elements: A list of ExtensionElement instances :param extension_attributes: A dictionary of attribute value string pairs """ - StatusResponse.__init__(self, identifier, in_response_to, + StatusResponse.__init__(self, id, in_response_to, version, issue_instant, destination, consent, issuer, signature, extensions, status, text, extension_elements, extension_attributes) - self.not_on_or_after = not_on_or_after - self.reason = reason - self.base_id = base_id self.name_id = name_id + self.encrypted_id = encrypted_id def name_id_mapping_response_from_string(xml_string): """ Create NameIDMappingResponse instance from an XML string """ diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py index d14fba0..73ac179 100644 --- a/src/saml2/sigver.py +++ b/src/saml2/sigver.py @@ -4,6 +4,7 @@ from saml2 import samlp from tempfile import NamedTemporaryFile from subprocess import Popen, PIPE import base64 +import random XMLSEC_BINARY = "/usr/local/bin/xmlsec1" ID_ATTR = "ID" @@ -96,7 +97,8 @@ def correctly_signed_response(decoded_xml): if _TEST_: print " ".join(com_list) - verified = _parse_popen_output(Popen(com_list, stderr=PIPE).communicate()[1]) + verified = _parse_popen_output(Popen(com_list, + stderr=PIPE).communicate()[1]) if _TEST_: print "Verify result: '%s'" % (verified,) 
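Review bot: `import random` is added to sigver.py but no hunk visible in this file uses it, so either it is dead (pylint will report `unused-import`) or it feeds code outside this view. If it is used to generate request IDs, nonces or temporary names for signing material, `random` is a Mersenne Twister PRNG whose output is predictable from a few observed values and is not appropriate for anything an attacker must not guess; use `os.urandom()` or `random.SystemRandom()` for those. If it is unused, drop the import.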
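Review bot: The verification outcome is still taken only from `_parse_popen_output` applied to xmlsec1's stderr text, and the child's exit status is discarded because `Popen(...).communicate()[1]` never keeps the process object. Matching stderr text is fragile across xmlsec1 versions and locales, and an unrecognised message should fail closed; I cannot see `_parse_popen_output`, so whether it already does is unclear. Keep the process and require both signals: `proc = Popen(com_list, stderr=PIPE)`, `err_out = proc.communicate()[1]`, `verified = _parse_popen_output(err_out) if proc.returncode == 0 else False`. The body of correctly_signed_response starts before and ends after this hunk.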
@@ -114,8 +116,8 @@ def sign_using_xmlsec(statement, sign_key): """xmlsec1 --sign --privkey-pem test.key --id-attr:ID urn:oasis:names:tc:SAML:2.0:assertion:Assertion saml_response.xml""" - fil_p, fil = make_temp("%s" % statement, decode=False) - pem_file_pointer, pem_file = make_temp("%s" % sign_key, ".pem") + _, fil = make_temp("%s" % statement, decode=False) + _, pem_file = make_temp("%s" % sign_key, ".pem") com_list = [XMLSEC_BINARY, "--sign", "--privkey-cert-pem", pem_file, "--id-attr:%s" % ID_ATTR, diff --git a/src/xmldsig/__init__.py b/src/xmldsig/__init__.py index 32f3bce..cc206fa 100644 --- a/src/xmldsig/__init__.py +++ b/src/xmldsig/__init__.py @@ -34,8 +34,8 @@ except ImportError: import saml2 from saml2 import create_class_from_xml_string -DS_NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#' -DS_TEMPLATE = '{http://www.w3.org/2000/09/xmldsig#}%s' +NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#' +TEMPLATE = '{http://www.w3.org/2000/09/xmldsig#}%s' ENCODING_BASE64 = 'http://www.w3.org/2000/09/xmldsig#base64' DIGEST_SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1' @@ -62,7 +62,7 @@ class Object(DsBase): """The ds:Object element""" c_tag = 'Object' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() c_attributes['Id'] = 'identifier' @@ -95,7 +95,7 @@ class MgmtData(DsBase): """The ds:MgmtData element""" c_tag = 'MgmtData' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() @@ -108,7 +108,7 @@ class SPKISexp(DsBase): """The ds:SPKISexp element""" c_tag = 'SPKISexp' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() 
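Review bot: Binding the first `make_temp` result to `_` and dropping it is not purely a lint fix: if `make_temp` returns a `NamedTemporaryFile` as the first element, losing the last reference lets the file be closed and unlinked by garbage collection before xmlsec1 opens it, and if it returns a raw descriptor from `mkstemp` the descriptor is leaked instead. Keep the handles alive until the subprocess has returned, e.g. `stmt_fp, fil = make_temp("%s" % statement, decode=False)` and `key_fp, pem_file = make_temp("%s" % sign_key, ".pem")`, closing both after the call (a leading underscore satisfies the unused-variable warning without discarding them). Separately, the private key is written to a temporary file in plaintext; the function should ensure that file is created with restrictive permissions and removed once signing completes, which is not visible from this hunk. The body of sign_using_xmlsec continues past the hunk.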
@@ -121,10 +121,10 @@ class SPKIData(DsBase): """The ds:SPKIData element""" c_tag = 'SPKIData' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() - c_children['{%s}SPKISexp' % DS_NAMESPACE] = ('spki_sexp', [SPKISexp]) + c_children['{%s}SPKISexp' % NAMESPACE] = ('spki_sexp', [SPKISexp]) def __init__(self, spki_sexp=None, text=None, extension_elements=None, extension_attributes=None): @@ -149,7 +149,7 @@ class PGPKeyID(DsBase): """The ds:PGPKeyID element""" c_tag = 'PGPKeyID' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() @@ -162,7 +162,7 @@ class PGPKeyPacket(DsBase): """The ds:PGPKeyPacket element""" c_tag = 'PGPKeyPacket' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() @@ -175,11 +175,11 @@ class PGPData(DsBase): """The ds:PGPData element""" c_tag = 'PGPData' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() - c_children['{%s}PGPKeyID' % DS_NAMESPACE] = ('pgp_key_id', PGPKeyID) - c_children['{%s}PGPKeyPacket' % DS_NAMESPACE] = ( + c_children['{%s}PGPKeyID' % NAMESPACE] = ('pgp_key_id', PGPKeyID) + c_children['{%s}PGPKeyPacket' % NAMESPACE] = ( 'pgp_key_packet', PGPKeyPacket) c_child_order = ['pgp_key_id', 'pgp_key_packet'] @@ -208,7 +208,7 @@ class X509IssuerName(DsBase): """The ds:X509IssuerName element""" c_tag = 'X509IssuerName' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() @@ -221,7 +221,7 @@ class X509IssuerNumber(DsBase): """The ds:X509IssuerNumber element""" c_tag = 'X509IssuerNumber' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() 
@@ -234,12 +234,12 @@ class X509IssuerSerial(DsBase): """The ds:X509IssuerSerial element""" c_tag = 'X509IssuerSerial' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() - c_children['{%s}X509IssuerName' % DS_NAMESPACE] = ( + c_children['{%s}X509IssuerName' % NAMESPACE] = ( 'x509_issuer_name', X509IssuerName) - c_children['{%s}X509IssuerNumber' % DS_NAMESPACE] = ( + c_children['{%s}X509IssuerNumber' % NAMESPACE] = ( 'x509_issuer_number', X509IssuerNumber) c_child_order = ['x509_issuer_name', 'x509_issuer_number'] @@ -269,7 +269,7 @@ class X509SKI(DsBase): """The ds:X509SKI element""" c_tag = 'X509SKI' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() @@ -282,7 +282,7 @@ class X509SubjectName(DsBase): """The ds:X509SubjectName element""" c_tag = 'X509SubjectName' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() @@ -295,7 +295,7 @@ class X509Certificate(DsBase): """The ds:X509Certificate element""" c_tag = 'X509Certificate' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() @@ -308,7 +308,7 @@ class X509CRL(DsBase): """The ds:X509CRL element""" c_tag = 'X509CRL' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() 
@@ -321,17 +321,17 @@ class X509Data(DsBase): """The ds:X509Data element""" c_tag = 'X509Data' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() - c_children['{%s}X509IssuerSerial' % DS_NAMESPACE] = ( + c_children['{%s}X509IssuerSerial' % NAMESPACE] = ( 'x509_issuer_serial', [X509IssuerSerial]) - c_children['{%s}X509SKI' % DS_NAMESPACE] = ('x509_ski', [X509SKI]) - c_children['{%s}X509SubjectName' % DS_NAMESPACE] = ( + c_children['{%s}X509SKI' % NAMESPACE] = ('x509_ski', [X509SKI]) + c_children['{%s}X509SubjectName' % NAMESPACE] = ( 'x509_subject_name', [X509SubjectName]) - c_children['{%s}X509Certificate' % DS_NAMESPACE] = ( + c_children['{%s}X509Certificate' % NAMESPACE] = ( 'x509_certificate', [X509Certificate]) - c_children['{%s}X509CRL' % DS_NAMESPACE] = ('x509_crl', [X509CRL]) + c_children['{%s}X509CRL' % NAMESPACE] = ('x509_crl', [X509CRL]) c_child_order = ['x509_issuer_serial', 'x509_ski', 'x509_subject_name', 'x509_certificate', 'x509_crl'] @@ -368,11 +368,11 @@ class XPath(DsBase): """The ds:XPath element""" c_tag = 'XPath' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() -def x_path_from_string(xml_string): +def xpath_from_string(xml_string): """ Create XPath instance from an XML string """ return create_class_from_xml_string(XPath, xml_string) @@ -381,11 +381,11 @@ class Transform(DsBase): """The ds:Transform element""" c_tag = 'Transform' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() c_attributes['Algorithm'] = 'algorithm' - c_children['{%s}XPath' % DS_NAMESPACE] = ('xpath', [XPath]) + c_children['{%s}XPath' % NAMESPACE] = ('xpath', [XPath]) def __init__(self, xpath=None, algorithm=None, text=None, extension_elements=None, extension_attributes=None): 
@@ -411,10 +411,10 @@ class Transforms(DsBase): """The ds:Transforms element""" c_tag = 'Transforms' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() - c_children['{%s}Transform' % DS_NAMESPACE] = ('transform', [Transform]) + c_children['{%s}Transform' % NAMESPACE] = ('transform', [Transform]) def __init__(self, transform=None, text=None, extension_elements=None, extension_attributes=None): @@ -438,12 +438,12 @@ class RetrievalMethod(DsBase): """The ds:RetrievalMethod element""" c_tag = 'RetrievalMethod' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() c_attributes['URI'] = 'uri' c_attributes['Type'] = 'type' - c_children['{%s}Transforms' % DS_NAMESPACE] = ('transforms', [Transforms]) + c_children['{%s}Transforms' % NAMESPACE] = ('transforms', [Transforms]) def __init__(self, transforms=None, uri=None, typ=None, text=None, extension_elements=None, extension_attributes=None): @@ -471,7 +471,7 @@ class Modulus(DsBase): """The ds:Modulus element""" c_tag = 'Modulus' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() @@ -484,7 +484,7 @@ class Exponent(DsBase): """The ds:Exponent element""" c_tag = 'Exponent' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() 
@@ -497,11 +497,11 @@ class RSAKeyValue(DsBase): """The ds:RSAKeyValue element""" c_tag = 'RSAKeyValue' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() - c_children['{%s}Modulus' % DS_NAMESPACE] = ('modulus', Modulus) - c_children['{%s}Exponent' % DS_NAMESPACE] = ('exponent', Exponent) + c_children['{%s}Modulus' % NAMESPACE] = ('modulus', Modulus) + c_children['{%s}Exponent' % NAMESPACE] = ('exponent', Exponent) c_child_order = ['modulus', 'exponent'] def __init__(self, modulus=None, exponent=None, text=None, @@ -528,7 +528,7 @@ class DsP(DsBase): """The ds:P element""" c_tag = 'P' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() @@ -541,7 +541,7 @@ class DsQ(DsBase): """The ds:Q element""" c_tag = 'Q' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() @@ -554,7 +554,7 @@ class DsG(DsBase): """The ds:G element""" c_tag = 'G' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() @@ -567,7 +567,7 @@ class DsY(DsBase): """The ds:Y element""" c_tag = 'Y' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() @@ -580,7 +580,7 @@ class DsJ(DsBase): """The ds:J element""" c_tag = 'J' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() @@ -593,7 +593,7 @@ class Seed(DsBase): """The ds:Seed element""" c_tag = 'Seed' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() 
@@ -606,7 +606,7 @@ class PgenCounter(DsBase): """The ds:PgenCounter element""" c_tag = 'PgenCounter' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() @@ -619,16 +619,16 @@ class DSAKeyValue(DsBase): """The ds:DSAKeyValue element""" c_tag = 'DSAKeyValue' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() - c_children['{%s}P' % DS_NAMESPACE] = ('p', DsP) - c_children['{%s}Q' % DS_NAMESPACE] = ('q', DsQ) - c_children['{%s}G' % DS_NAMESPACE] = ('g', DsG) - c_children['{%s}Y' % DS_NAMESPACE] = ('y', DsY) - c_children['{%s}J' % DS_NAMESPACE] = ('j', DsJ) - c_children['{%s}Seed' % DS_NAMESPACE] = ('seed', Seed) - c_children['{%s}PgenCounter' % DS_NAMESPACE] = ('pgen_counter', PgenCounter) + c_children['{%s}P' % NAMESPACE] = ('p', DsP) + c_children['{%s}Q' % NAMESPACE] = ('q', DsQ) + c_children['{%s}G' % NAMESPACE] = ('g', DsG) + c_children['{%s}Y' % NAMESPACE] = ('y', DsY) + c_children['{%s}J' % NAMESPACE] = ('j', DsJ) + c_children['{%s}Seed' % NAMESPACE] = ('seed', Seed) + c_children['{%s}PgenCounter' % NAMESPACE] = ('pgen_counter', PgenCounter) c_child_order = ['p', 'q', 'g', 'y', 'j', 'seed', 'pgen_counter'] @@ -667,12 +667,12 @@ class KeyValue(DsBase): """The ds:KeyValue element""" c_tag = 'KeyValue' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() - c_children['{%s}RSAKeyValue' % DS_NAMESPACE] = ('rsa_key_value', + c_children['{%s}RSAKeyValue' % NAMESPACE] = ('rsa_key_value', RSAKeyValue) - c_children['{%s}DSAKeyValue' % DS_NAMESPACE] = ('dsa_key_value', + c_children['{%s}DSAKeyValue' % NAMESPACE] = ('dsa_key_value', DSAKeyValue) c_child_order = ['rsa_key_value', 'dsa_key_value'] 
@@ -701,7 +701,7 @@ class KeyName(DsBase): """The ds:KeyName element""" c_tag = 'KeyName' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() @@ -714,18 +714,18 @@ class KeyInfo(DsBase): """The ds:KeyInfo element""" c_tag = 'KeyInfo' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() c_attributes['Id'] = "identifier" - c_children['{%s}KeyName' % DS_NAMESPACE] = ('key_name', [KeyName]) - c_children['{%s}KeyValue' % DS_NAMESPACE] = ('key_value', [KeyValue]) - c_children['{%s}RetrievalMethod' % DS_NAMESPACE] = ( + c_children['{%s}KeyName' % NAMESPACE] = ('key_name', [KeyName]) + c_children['{%s}KeyValue' % NAMESPACE] = ('key_value', [KeyValue]) + c_children['{%s}RetrievalMethod' % NAMESPACE] = ( 'retrieval_method', [RetrievalMethod]) - c_children['{%s}X509Data' % DS_NAMESPACE] = ('x509_data', [X509Data]) - c_children['{%s}PGPData' % DS_NAMESPACE] = ('pgp_data', [PGPData]) - c_children['{%s}SPKIData' % DS_NAMESPACE] = ('spki_data', [SPKIData]) - c_children['{%s}MgmtData' % DS_NAMESPACE] = ('mgmt_data', [MgmtData]) + c_children['{%s}X509Data' % NAMESPACE] = ('x509_data', [X509Data]) + c_children['{%s}PGPData' % NAMESPACE] = ('pgp_data', [PGPData]) + c_children['{%s}SPKIData' % NAMESPACE] = ('spki_data', [SPKIData]) + c_children['{%s}MgmtData' % NAMESPACE] = ('mgmt_data', [MgmtData]) c_child_order = ['key_name', 'key_value', 'retrieval_method', 'x509_data', 'pgp_data', 'spki_data', 'mgmt_data'] @@ -768,7 +768,7 @@ class DigestValue(DsBase): """The ds:DigestValue element""" c_tag = 'DigestValue' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() 
@@ -781,7 +781,7 @@ class DigestMethod(DsBase): """The ds:DigestMethod element""" c_tag = 'DigestMethod' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() c_attributes['Algorithm'] = "algorithm" @@ -808,16 +808,16 @@ class Reference(DsBase): """The ds:Reference element""" c_tag = 'Reference' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() c_attributes['Id'] = "identifier" c_attributes['URI'] = "uri" c_attributes['Type'] = "type" - c_children['{%s}Transforms' % DS_NAMESPACE] = ('transforms', [Transforms]) - c_children['{%s}DigestMethod' % DS_NAMESPACE] = ( + c_children['{%s}Transforms' % NAMESPACE] = ('transforms', [Transforms]) + c_children['{%s}DigestMethod' % NAMESPACE] = ( 'digest_method', [DigestMethod]) - c_children['{%s}DigestValue' % DS_NAMESPACE] = ('digest_value', + c_children['{%s}DigestValue' % NAMESPACE] = ('digest_value', [DigestValue]) c_child_order = ['transforms', 'digest_method', 'digest_value'] @@ -855,7 +855,7 @@ class HMACOutputLength(DsBase): """The ds:HMACOutputLength element""" c_tag = 'HMACOutputLength' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() @@ -868,11 +868,11 @@ class SignatureMethod(DsBase): """The ds:SignatureMethod element""" c_tag = 'SignatureMethod' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() c_attributes['Algorithm'] = "algorithm" - c_children['{%s}HMACOutputLength' % DS_NAMESPACE] = ( + c_children['{%s}HMACOutputLength' % NAMESPACE] = ( 'hmac_output_length', HMACOutputLength) def __init__(self, algorithm=None, hmac_output_length=None, text=None, 
@@ -899,7 +899,7 @@ class CanonicalizationMethod(DsBase): """The ds:CanonicalizationMethod element""" c_tag = 'CanonicalizationMethod' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() c_attributes['Algorithm'] = "algorithm" @@ -926,15 +926,15 @@ class SignedInfo(DsBase): """The ds:SignedInfo element""" c_tag = 'SignedInfo' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() c_attributes['Id'] = "identifier" - c_children['{%s}CanonicalizationMethod' % DS_NAMESPACE] = ( + c_children['{%s}CanonicalizationMethod' % NAMESPACE] = ( 'canonicalization_method', CanonicalizationMethod) - c_children['{%s}SignatureMethod' % DS_NAMESPACE] = ( + c_children['{%s}SignatureMethod' % NAMESPACE] = ( 'signature_method', SignatureMethod) - c_children['{%s}Reference' % DS_NAMESPACE] = ('reference', [Reference]) + c_children['{%s}Reference' % NAMESPACE] = ('reference', [Reference]) c_child_order = ['canonicalization_method', 'signature_method', 'reference'] @@ -967,7 +967,7 @@ class SignatureValue(DsBase): """The ds:SignatureValue element""" c_tag = 'SignatureValue' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() c_attributes['Id'] = "identifier" 
@@ -995,15 +995,15 @@ class Signature(DsBase): """The ds:Signature element""" c_tag = 'Signature' - c_namespace = DS_NAMESPACE + c_namespace = NAMESPACE c_children = DsBase.c_children.copy() c_attributes = DsBase.c_attributes.copy() c_attributes['Id'] = "identifier" - c_children['{%s}SignedInfo' % DS_NAMESPACE] = ('signed_info', SignedInfo) - c_children['{%s}SignatureValue' % DS_NAMESPACE] = ( + c_children['{%s}SignedInfo' % NAMESPACE] = ('signed_info', SignedInfo) + c_children['{%s}SignatureValue' % NAMESPACE] = ( 'signature_value', SignatureValue) - c_children['{%s}KeyInfo' % DS_NAMESPACE] = ('key_info', KeyInfo) - c_children['{%s}Object' % DS_NAMESPACE] = ('object', [Object]) + c_children['{%s}KeyInfo' % NAMESPACE] = ('key_info', KeyInfo) + c_children['{%s}Object' % NAMESPACE] = ('object', [Object]) c_child_order = ["signed_info", "signature_value", "key_info", "object"] def __init__(self, identifier=None, signed_info=None, signature_value=None, 
@@ -1056,3 +1056,48 @@ def get_empty_signature(canonicalization_method_algorithm=C14N_WITH_C, key_info=KeyInfo(key_value=KeyValue())) return signature + +ELEMENT_FROM_STRING = { + Object.c_tag: object_from_string, + MgmtData.c_tag: mgmt_data_from_string, + SPKISexp.c_tag: spki_sexp_from_string, + SPKIData.c_tag: spki_data_from_string, + PGPKeyID.c_tag: pgp_key_id_from_string, + PGPKeyPacket.c_tag: pgp_key_packet_from_string, + PGPData.c_tag: pgp_data_from_string, + X509IssuerName.c_tag: x509_issuer_name_from_string, + X509IssuerNumber.c_tag: x509_issuer_number_from_string, + X509IssuerSerial.c_tag: x509_issuer_serial_from_string, + X509SKI.c_tag: x509_ski_from_string, + X509SubjectName.c_tag: x509_subject_name_from_string, + X509Certificate.c_tag: x509_certificate_from_string, + X509CRL.c_tag: x509_crl_from_string, + X509Data.c_tag: x509_data_from_string, + XPath.c_tag: xpath_from_string, + Transform.c_tag: transform_from_string, + Transforms.c_tag: transforms_from_string, + RetrievalMethod.c_tag: retrieval_method_from_string, + Modulus.c_tag: modulus_from_string, + Exponent.c_tag: exponent_from_string, + RSAKeyValue.c_tag: rsa_key_value_from_string, + DsP.c_tag: p_from_string, + DsQ.c_tag: q_from_string, + DsG.c_tag: g_from_string, + DsY.c_tag: y_from_string, + DsJ.c_tag: j_from_string, + Seed.c_tag: seed_from_string, + PgenCounter.c_tag: pgen_counter_from_string, + DSAKeyValue.c_tag: dsa_key_value_from_string, + KeyValue.c_tag: key_value_from_string, + KeyName.c_tag: key_name_from_string, + KeyInfo.c_tag: key_info_from_string, + DigestValue.c_tag: digest_value_from_string, + DigestMethod.c_tag: digest_method_from_string, + Reference.c_tag: reference_from_string, + HMACOutputLength.c_tag: hmac_output_length_from_string, + SignatureMethod.c_tag: signature_method_from_string, + CanonicalizationMethod.c_tag: canonicalization_method_from_string, + SignedInfo.c_tag: signed_info_from_string, + SignatureValue.c_tag: signature_value_from_string, + Signature.c_tag: 
signature_from_string, +} diff --git a/src/xmlenc/__init__.py b/src/xmlenc/__init__.py index 7998851..f321031 100644 --- a/src/xmlenc/__init__.py +++ b/src/xmlenc/__init__.py @@ -37,8 +37,8 @@ from saml2 import create_class_from_xml_string import xmldsig as ds -ENC_NAMESPACE = 'http://www.w3.org/2001/04/xmlenc#' -ENC_TEMPLATE = '{http://www.w3.org/2001/04/xmlenc#}%s' +NAMESPACE = 'http://www.w3.org/2001/04/xmlenc#' +#TEMPLATE = '{http://www.w3.org/2001/04/xmlenc#}%s' class EncBase(saml2.SamlBase): """The enc:EncBase element""" @@ -53,7 +53,7 @@ class EncBase(saml2.SamlBase): class KeySize(EncBase): c_tag = 'KeySize' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = EncBase.c_children.copy() c_attributes = EncBase.c_attributes.copy() @@ -68,7 +68,7 @@ def key_size_from_string(xml_string): class OAEPparams(EncBase): c_tag = 'OAEPparams' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = EncBase.c_children.copy() c_attributes = EncBase.c_attributes.copy() @@ -84,13 +84,13 @@ class EncryptionMethod(EncBase): """The enc:EncryptionMethod element""" c_tag = 'EncryptionMethod' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = EncBase.c_children.copy() c_attributes = EncBase.c_attributes.copy() c_attributes['Algorithm'] = 'algorithm' - c_children['{%s}KeySize' % ENC_NAMESPACE] = ( + c_children['{%s}KeySize' % NAMESPACE] = ( 'key_size', [KeySize]) - c_children['{%s}OAEPparams' % ENC_NAMESPACE] = ( + c_children['{%s}OAEPparams' % NAMESPACE] = ( 'oaep_params', [OAEPparams]) def __init__(self, algorithm=None, key_size=None, oaep_params=None, @@ -122,7 +122,7 @@ def encryption_method_from_string(xml_string): class CipherValue(EncBase): c_tag = 'CipherValue' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = EncBase.c_children.copy() c_attributes = EncBase.c_attributes.copy() 
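Review bot: The new `ELEMENT_FROM_STRING` table is keyed by each class's `c_tag` string, while the parallel table added to xmlenc in this same commit is keyed by the class objects and named `ELEMENT_TO_STRING`; a dispatch helper that looks up by tag name works against one and raises KeyError against the other. Pick one key type for both modules — keying on `c_tag` matches what a parser has in hand when it meets an element. The table is also a mutable module-level dict with no comment; add one line above it, e.g. `# Maps a ds:* local element name to the parser that builds its class from XML text`.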
@@ -139,10 +139,10 @@ def cipher_value_from_string(xml_string): class Transforms(EncBase): c_tag = 'Transforms' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = EncBase.c_children.copy() c_attributes = EncBase.c_attributes.copy() - c_children['{%s}Transform' % ds.DS_NAMESPACE] = ( + c_children['{%s}Transform' % ds.NAMESPACE] = ( 'transform', [ds.Transform]) def __init__(self, transform=None, @@ -170,11 +170,11 @@ def transforms_from_string(xml_string): class CipherReference(EncBase): c_tag = 'CipherReference' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = EncBase.c_children.copy() c_attributes = EncBase.c_attributes.copy() c_attributes['URI'] = 'uri' - c_children['{%s}Transforms' % ENC_NAMESPACE] = ( + c_children['{%s}Transforms' % NAMESPACE] = ( 'transforms', [Transforms]) def __init__(self, uri=None, transforms=None, @@ -205,12 +205,12 @@ class CipherData(EncBase): """The enc:CipherData element""" c_tag = 'CipherData' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = EncBase.c_children.copy() c_attributes = EncBase.c_attributes.copy() - c_children['{%s}CipherValue' % ENC_NAMESPACE] = ( + c_children['{%s}CipherValue' % NAMESPACE] = ( 'cipher_value', [CipherValue]) - c_children['{%s}CipherReference' % ENC_NAMESPACE] = ( + c_children['{%s}CipherReference' % NAMESPACE] = ( 'cipher_reference', [CipherReference]) c_child_order = ['cipher_value', 'cipher_reference'] @@ -231,6 +231,10 @@ class CipherData(EncBase): self.cipher_value = cipher_value self.cipher_reference = cipher_reference +def cipher_data_from_string(xml_string): + """ Create CipherData instance from an XML string """ + return create_class_from_xml_string(CipherData, xml_string) + # --------------------------------------------------------------------------- # EncryptionProperty # --------------------------------------------------------------------------- 
@@ -238,7 +242,7 @@ class CipherData(EncBase): class EncryptionProperty(EncBase): c_tag = 'EncryptionProperty' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = EncBase.c_children.copy() c_attributes = EncBase.c_attributes.copy() c_attributes['Target'] = 'target' @@ -271,11 +275,11 @@ def encryption_property_from_string(xml_string): class EncryptionProperties(EncBase): c_tag = 'EncryptionProperties' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = EncBase.c_children.copy() c_attributes = EncBase.c_attributes.copy() c_attributes['Id'] = 'identifier' - c_children['{%s}EncryptionProperty' % ENC_NAMESPACE] = ( + c_children['{%s}EncryptionProperty' % NAMESPACE] = ( 'encryption_property', [EncryptionProperty]) def __init__(self, identifier=None, encryption_property=None, @@ -306,20 +310,20 @@ class EncryptedType(EncBase): """The enc:EncryptedType element""" c_tag = 'EncryptedType' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = EncBase.c_children.copy() c_attributes = EncBase.c_attributes.copy() c_attributes['Id'] = 'identifier' c_attributes['Type'] = 'typ' c_attributes['MimeType'] = 'mime_type' c_attributes['Encoding'] = 'encoding' - c_children['{%s}EncryptionMethod' % ENC_NAMESPACE] = ( + c_children['{%s}EncryptionMethod' % NAMESPACE] = ( 'encryption_method', [EncryptionMethod]) - c_children['{%s}KeyInfo' % ds.DS_NAMESPACE] = ( + c_children['{%s}KeyInfo' % ds.NAMESPACE] = ( 'key_info', [ds.KeyInfo]) - c_children['{%s}CipherData' % ENC_NAMESPACE] = ( + c_children['{%s}CipherData' % NAMESPACE] = ( 'cipher_data', [CipherData]) - c_children['{%s}EncryptionProperties' % ENC_NAMESPACE] = ( + c_children['{%s}EncryptionProperties' % NAMESPACE] = ( 'encryption_properties', [EncryptionProperties]) c_child_order = ['encryption_method', 'key_info', 'cipher_data','encryption_properties'] 
@@ -366,7 +370,7 @@ class EncryptedData(EncryptedType): """The enc:EncryptedData element""" c_tag = 'EncryptedData' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = EncryptedType.c_children.copy() c_attributes = EncryptedType.c_attributes.copy() @@ -381,7 +385,7 @@ def encrypted_data_from_string(xml_string): class ReferenceType(EncBase): c_tag = 'ReferenceType' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = EncBase.c_children.copy() c_attributes = EncBase.c_attributes.copy() c_attributes['URI'] = 'uri' @@ -411,10 +415,14 @@ def reference_type_from_string(xml_string): class DataReference(ReferenceType): c_tag = 'DataReference' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = ReferenceType.c_children.copy() c_attributes = ReferenceType.c_attributes.copy() +def data_reference_from_string(xml_string): + """ Create DataReference instance from an XML string """ + return create_class_from_xml_string(DataReference, xml_string) + # --------------------------------------------------------------------------- # KeyReference # --------------------------------------------------------------------------- @@ -422,10 +430,14 @@ class DataReference(ReferenceType): class KeyReference(ReferenceType): c_tag = 'KeyReference' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = ReferenceType.c_children.copy() c_attributes = ReferenceType.c_attributes.copy() +def key_reference_from_string(xml_string): + """ Create KeyReference instance from an XML string """ + return create_class_from_xml_string(KeyReference, xml_string) + # --------------------------------------------------------------------------- # ReferenceList # --------------------------------------------------------------------------- 
@@ -433,12 +445,12 @@ class KeyReference(ReferenceType): class ReferenceList(EncBase): c_tag = 'ReferenceList' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = EncBase.c_children.copy() c_attributes = EncBase.c_attributes.copy() - c_children['{%s}DataReference' % ENC_NAMESPACE] = ( + c_children['{%s}DataReference' % NAMESPACE] = ( 'data_reference', [DataReference]) - c_children['{%s}KeyReference' % ENC_NAMESPACE] = ( + c_children['{%s}KeyReference' % NAMESPACE] = ( 'key_reference', [KeyReference]) def __init__(self, data_reference=None, key_reference=None, @@ -468,7 +480,7 @@ def reference_list_from_string(xml_string): class CarriedKeyName(EncBase): c_tag = 'CarriedKeyName' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = EncBase.c_children.copy() c_attributes = EncBase.c_attributes.copy() @@ -484,13 +496,13 @@ class EncryptedKey(EncryptedType): """The enc:EncryptedKey element""" c_tag = 'EncryptedKey' - c_namespace = ENC_NAMESPACE + c_namespace = NAMESPACE c_children = EncryptedType.c_children.copy() c_attributes = EncryptedType.c_attributes.copy() c_attributes['Recipient'] = 'recipient' - c_children['{%s}ReferenceList' % ENC_NAMESPACE] = ( + c_children['{%s}ReferenceList' % NAMESPACE] = ( 'reference_list', [ReferenceList]) - c_children['{%s}CarriedKeyName' % ENC_NAMESPACE] = ( + c_children['{%s}CarriedKeyName' % NAMESPACE] = ( 'carried_key_name', [CarriedKeyName]) def __init__(self, recipient=None, reference_list=None, 
@@ -529,3 +541,22 @@ def encrypted_key_from_string(xml_string): """ Create EncryptedKey instance from an XML string """ return create_class_from_xml_string(EncryptedKey, xml_string) +ELEMENT_TO_STRING = { + KeySize: key_size_from_string, + OAEPparams: oaep_params_from_string, + EncryptionMethod: encryption_method_from_string, + CipherValue: cipher_value_from_string, + Transforms: transforms_from_string, + CipherReference: cipher_reference_from_string, + CipherData: cipher_data_from_string, + EncryptionProperty: encryption_property_from_string, + EncryptionProperties: encryption_properties_from_string, + EncryptedType: encrypted_type_from_string, + EncryptedData: encrypted_data_from_string, + ReferenceType: reference_type_from_string, + DataReference: data_reference_from_string, + KeyReference: key_reference_from_string, + ReferenceList: reference_list_from_string, + CarriedKeyName: carried_key_name_from_string, + EncryptedKey: encrypted_key_from_string, +} \ No newline at end of file
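Review bot: `ELEMENT_TO_STRING` is misnamed — every value is a `*_from_string` parser, so the mapping runs from an element to the function that builds it from XML text, which is exactly what the sibling table in xmldsig calls `ELEMENT_FROM_STRING`. It is also keyed on class objects where the xmldsig table is keyed on `c_tag` strings, so the two cannot be used interchangeably by one dispatch routine. Rename it to `ELEMENT_FROM_STRING` and key it on `KeySize.c_tag` and so on for consistency; `Transforms` here is xmlenc's own class, which shares the tag `'Transforms'` with `ds.Transforms`, so a one-line comment noting that the table is per-namespace would help. The file is also left without a trailing newline.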