openstack/deb-python-pysaml2
Code Issues Proposed changes

Added some extra functionality.

Browse Source
This commit is contained in:
Roland Hedberg
2014-09-11 20:04:37 +02:00
parent be48f27945
commit 7c2fe90b1b
1 changed files with 42 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
src/saml2/mdstore.py
View File

@@ -67,9 +67,12 @@ def destinations(srvs):
return [s["location"] for s in srvs] return [s["location"] for s in srvs]
def attribute_requirement(entity): def attribute_requirement(entity, index=None):
res = {"required": [], "optional": []} res = {"required": [], "optional": []}
for acs in entity["attribute_consuming_service"]: for acs in entity["attribute_consuming_service"]:
if index is not None and acs["index"] != index:
continue
for attr in acs["requested_attribute"]: for attr in acs["requested_attribute"]:
if "is_required" in attr and attr["is_required"] == "true": if "is_required" in attr and attr["is_required"] == "true":
res["required"].append(attr) res["required"].append(attr)
@@ -133,6 +136,9 @@ class MetaData(object):
def __getitem__(self, item): def __getitem__(self, item):
return self.entity[item] return self.entity[item]
def __setitem__(self, key, value):
self.entity[key] = value
def do_entity_descriptor(self, entity_descr): def do_entity_descriptor(self, entity_descr):
if self.check_validity: if self.check_validity:
try: try:
@@ -221,7 +227,7 @@ class MetaData(object):
""" """
logger.debug("service(%s, %s, %s, %s)" % (entity_id, typ, service, logger.debug("service(%s, %s, %s, %s)" % (entity_id, typ, service,
binding)) binding))
try: try:
srvs = [] srvs = []
for t in self[entity_id][typ]: for t in self[entity_id][typ]:
@@ -297,12 +303,14 @@ class MetaData(object):
return self.service(entity_id, typ, service) return self.service(entity_id, typ, service)
def attribute_requirement(self, entity_id, index=0): def attribute_requirement(self, entity_id, index=None):
""" Returns what attributes the SP requires and which are optional """ Returns what attributes the SP requires and which are optional
if any such demands are registered in the Metadata. if any such demands are registered in the Metadata.
:param entity_id: The entity id of the SP :param entity_id: The entity id of the SP
:param index: which of the attribute consumer services its all about :param index: which of the attribute consumer services its all about
if index=None then return all attributes expected by all
attribute_consuming_services.
:return: 2-tuple, list of required and list of optional attributes :return: 2-tuple, list of required and list of optional attributes
""" """
@@ -310,7 +318,7 @@ class MetaData(object):
try: try:
for sp in self[entity_id]["spsso_descriptor"]: for sp in self[entity_id]["spsso_descriptor"]:
_res = attribute_requirement(sp) _res = attribute_requirement(sp, index)
res["required"].extend(_res["required"]) res["required"].extend(_res["required"])
res["optional"].extend(_res["optional"]) res["optional"].extend(_res["optional"])
except KeyError: except KeyError:
@@ -513,6 +521,7 @@ class MetaDataMD(MetaData):
class MetadataStore(object): class MetadataStore(object):
def __init__(self, onts, attrc, config, ca_certs=None, def __init__(self, onts, attrc, config, ca_certs=None,
check_validity=True,
disable_ssl_certificate_validation=False): disable_ssl_certificate_validation=False):
""" """
:params onts: :params onts:
@@ -523,11 +532,16 @@ class MetadataStore(object):
""" """
self.onts = onts self.onts = onts
self.attrc = attrc self.attrc = attrc
self.http = HTTPBase(verify=disable_ssl_certificate_validation,
ca_bundle=ca_certs) if disable_ssl_certificate_validation:
self.http = HTTPBase(verify=False, ca_bundle=ca_certs)
else:
self.http = HTTPBase(verify=True, ca_bundle=ca_certs)
self.security = security_context(config) self.security = security_context(config)
self.ii = 0 self.ii = 0
self.metadata = {} self.metadata = {}
self.check_validity = check_validity
def load(self, typ, *args, **kwargs): def load(self, typ, *args, **kwargs):
if typ == "local": if typ == "local":
@@ -539,10 +553,16 @@ class MetadataStore(object):
_md = MetaData(self.onts, self.attrc, args[0], **kwargs) _md = MetaData(self.onts, self.attrc, args[0], **kwargs)
elif typ == "remote": elif typ == "remote":
key = kwargs["url"] key = kwargs["url"]
_args = {}
for _key in ["node_name", "check_validity"]:
try:
_args[_key] = kwargs[_key]
except KeyError:
pass
_md = MetaDataExtern(self.onts, self.attrc, _md = MetaDataExtern(self.onts, self.attrc,
kwargs["url"], self.security, kwargs["url"], self.security,
kwargs["cert"], self.http, kwargs["cert"], self.http, **_args)
node_name=kwargs.get('node_name'))
elif typ == "mdfile": elif typ == "mdfile":
key = args[0] key = args[0]
_md = MetaDataMD(self.onts, self.attrc, args[0]) _md = MetaDataMD(self.onts, self.attrc, args[0])
@@ -559,6 +579,8 @@ class MetadataStore(object):
for key, vals in spec.items(): for key, vals in spec.items():
for val in vals: for val in vals:
if isinstance(val, dict): if isinstance(val, dict):
if not self.check_validity:
val["check_validity"] = False
self.load(key, **val) self.load(key, **val)
else: else:
self.load(key, val) self.load(key, val)
@@ -633,7 +655,7 @@ class MetadataStore(object):
if binding is None: if binding is None:
binding = BINDING_SOAP binding = BINDING_SOAP
return self.service(entity_id, "pdp_descriptor", return self.service(entity_id, "pdp_descriptor",
"authz_service", binding) "authz_service", binding)
def assertion_id_request_service(self, entity_id, binding=None, typ=None): def assertion_id_request_service(self, entity_id, binding=None, typ=None):
# AuthnAuthority + IDP + PDP + AttributeAuthority # AuthnAuthority + IDP + PDP + AttributeAuthority
@@ -642,7 +664,7 @@ class MetadataStore(object):
if binding is None: if binding is None:
binding = BINDING_SOAP binding = BINDING_SOAP
return self.service(entity_id, "%s_descriptor" % typ, return self.service(entity_id, "%s_descriptor" % typ,
"assertion_id_request_service", binding) "assertion_id_request_service", binding)
def single_logout_service(self, entity_id, binding=None, typ=None): def single_logout_service(self, entity_id, binding=None, typ=None):
# IDP + SP # IDP + SP
@@ -651,35 +673,35 @@ class MetadataStore(object):
if binding is None: if binding is None:
binding = BINDING_HTTP_REDIRECT binding = BINDING_HTTP_REDIRECT
return self.service(entity_id, "%s_descriptor" % typ, return self.service(entity_id, "%s_descriptor" % typ,
"single_logout_service", binding) "single_logout_service", binding)
def manage_name_id_service(self, entity_id, binding=None, typ=None): def manage_name_id_service(self, entity_id, binding=None, typ=None):
# IDP + SP # IDP + SP
if binding is None: if binding is None:
binding = BINDING_HTTP_REDIRECT binding = BINDING_HTTP_REDIRECT
return self.service(entity_id, "%s_descriptor" % typ, return self.service(entity_id, "%s_descriptor" % typ,
"manage_name_id_service", binding) "manage_name_id_service", binding)
def artifact_resolution_service(self, entity_id, binding=None, typ=None): def artifact_resolution_service(self, entity_id, binding=None, typ=None):
# IDP + SP # IDP + SP
if binding is None: if binding is None:
binding = BINDING_HTTP_REDIRECT binding = BINDING_HTTP_REDIRECT
return self.service(entity_id, "%s_descriptor" % typ, return self.service(entity_id, "%s_descriptor" % typ,
"artifact_resolution_service", binding) "artifact_resolution_service", binding)
def assertion_consumer_service(self, entity_id, binding=None, _="spsso"): def assertion_consumer_service(self, entity_id, binding=None, _="spsso"):
# SP # SP
if binding is None: if binding is None:
binding = BINDING_HTTP_POST binding = BINDING_HTTP_POST
return self.service(entity_id, "spsso_descriptor", return self.service(entity_id, "spsso_descriptor",
"assertion_consumer_service", binding) "assertion_consumer_service", binding)
def attribute_consuming_service(self, entity_id, binding=None, _="spsso"): def attribute_consuming_service(self, entity_id, binding=None, _="spsso"):
# SP # SP
if binding is None: if binding is None:
binding = BINDING_HTTP_REDIRECT binding = BINDING_HTTP_REDIRECT
return self.service(entity_id, "spsso_descriptor", return self.service(entity_id, "spsso_descriptor",
"attribute_consuming_service", binding) "attribute_consuming_service", binding)
def discovery_response(self, entity_id, binding=None, _="spsso"): def discovery_response(self, entity_id, binding=None, _="spsso"):
if binding is None: if binding is None:
@@ -863,7 +885,11 @@ class MetadataStore(object):
for _md in self.metadata.values(): for _md in self.metadata.values():
for ent_id, ent_desc in _md.items(): for ent_id, ent_desc in _md.items():
if descriptor in ent_desc: if descriptor in ent_desc:
res.append(ent_id) if ent_id in res:
#print "duplicated entity_id: %s" % res
pass
else:
res.append(ent_id)
return res return res
def service_providers(self): def service_providers(self):