Made MetaData instances pickleable.

Roland Hedberg
2015-12-01 12:53:35 +01:00
parent cff1391d73
commit 883b89efb0
17 changed files with 135 additions and 340 deletions


@@ -1073,11 +1073,11 @@ if __name__ == '__main__':
digest_alg = None
try:
sign_alg = CONFIG.SIGN_ALG
except:
except AttributeError:
pass
try:
digest_alg = CONFIG.DIGEST_ALG
except:
except AttributeError:
pass
ds.DefaultSignature(sign_alg, digest_alg)
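Review bot: With the handlers narrowed to `AttributeError`, each try/except pair is only an optional attribute read and would read more directly as `sign_alg = getattr(CONFIG, "SIGN_ALG", None)` and `digest_alg = getattr(CONFIG, "DIGEST_ALG", None)`. That assumes `sign_alg` is initialised to `None` the way `digest_alg` is; its initialisation sits above the hunk. A missing setting still falls through silently to whatever `ds.DefaultSignature` treats as its default, so a comment such as `# unset -> library default signature/digest algorithm` would make that choice visible to whoever maintains the config.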


@@ -26,27 +26,6 @@ from saml2.virtual_org import VirtualOrg
logger = logging.getLogger(__name__)
from saml2 import md
from saml2 import saml
from saml2.extension import mdui
from saml2.extension import idpdisc
from saml2.extension import dri
from saml2.extension import mdattr
from saml2.extension import ui
from saml2 import xmldsig
from saml2 import xmlenc
ONTS = {
saml.NAMESPACE: saml,
mdui.NAMESPACE: mdui,
mdattr.NAMESPACE: mdattr,
dri.NAMESPACE: dri,
ui.NAMESPACE: ui,
idpdisc.NAMESPACE: idpdisc,
md.NAMESPACE: md,
xmldsig.NAMESPACE: xmldsig,
xmlenc.NAMESPACE: xmlenc
}
COMMON_ARGS = [
"entityid", "xmlsec_binary", "debug", "key_file", "cert_file",
@@ -408,8 +387,7 @@ class Config(object):
except:
disable_validation = False
mds = MetadataStore(
list(ONTS.values()), acs, self, ca_certs,
mds = MetadataStore(acs, self, ca_certs,
disable_ssl_certificate_validation=disable_validation)
mds.imp(metadata_conf)


@@ -9,6 +9,6 @@ RELEASE = {
# "displayName", "schacHomeOrganization"],
COCO: ["eduPersonPrincipalName", "eduPersonScopedAffiliation",
'eduPersonAffiliation', "mail", "displayName", 'cn',
"schacHomeOrganization", 'schacHomeOrganizationType']
"schacHomeOrganization"]
}
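Review bot: The `COCO` entry appears to lose `'schacHomeOrganizationType'`, which presumably changes the attributes released under that entity category and has no connection to making MetaData pickleable; the commit message does not mention it. A release-policy change is easy to miss inside a 17-file refactor, so it belongs in its own commit or at least in the description, with a comment next to the list such as `# schacHomeOrganizationType dropped from the CoCo set: <reason>`. The `RELEASE` dict opens above the hunk, so the other categories could not be checked.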


@@ -9,18 +9,24 @@ import json
import requests
import six
from hashlib import sha1
from os.path import isfile, join
from os.path import isfile
from os.path import join
from saml2 import md
from saml2 import saml
from saml2 import samlp
from saml2 import xmldsig
from saml2 import xmlenc
from saml2 import SAMLError
from saml2 import BINDING_HTTP_REDIRECT
from saml2 import BINDING_HTTP_POST
from saml2 import BINDING_SOAP
from saml2.httpbase import HTTPBase
from saml2.extension.idpdisc import BINDING_DISCO
from saml2.extension.idpdisc import DiscoveryResponse
from saml2.md import EntitiesDescriptor
from saml2.mdie import to_dict
from saml2 import md
from saml2 import samlp
from saml2 import SAMLError
from saml2 import BINDING_HTTP_REDIRECT
from saml2 import BINDING_HTTP_POST
from saml2 import BINDING_SOAP
from saml2.s_utils import UnsupportedBinding
from saml2.s_utils import UnknownSystemEntity
from saml2.sigver import split_len
@@ -83,6 +89,24 @@ def load_extensions():
return ext_map
def load_metadata_modules():
mods = {
saml.NAMESPACE: saml,
md.NAMESPACE: md,
xmldsig.NAMESPACE: xmldsig,
xmlenc.NAMESPACE: xmlenc
}
mods.update(load_extensions())
return mods
def metadata_modules():
_res = [saml, md, xmldsig, xmlenc]
_res.extend(list(load_extensions().values()))
return _res
def destinations(srvs):
return [s["location"] for s in srvs]
@@ -129,14 +153,16 @@ def repack_cert(cert):
class MetaData(object):
def __init__(self, onts, attrc, metadata='', node_name=None,
def __init__(self, attrc, metadata='', node_name=None,
check_validity=True, security=None, **kwargs):
self.onts = onts
self.attrc = attrc
self.metadata = metadata
self.entity = None
self.cert = None
self.to_old = []
self.node_name = node_name
self.check_validity = check_validity
self.security = security
def items(self):
'''
@@ -369,9 +395,9 @@ class MetaData(object):
class InMemoryMetaData(MetaData):
def __init__(self, onts, attrc, metadata="", node_name=None,
def __init__(self, attrc, metadata="", node_name=None,
check_validity=True, security=None, **kwargs):
super(InMemoryMetaData, self).__init__(onts, attrc, metadata=metadata)
super(InMemoryMetaData, self).__init__(attrc, metadata=metadata)
self.entity = {}
self.security = security
self.node_name = node_name
@@ -424,7 +450,7 @@ class InMemoryMetaData(MetaData):
entity_descr.entity_id, file=sys.stderr)
return
_ent = to_dict(entity_descr, self.onts)
_ent = to_dict(entity_descr, metadata_modules())
flag = 0
# verify support for SAML2
for descr in ["spsso", "idpsso", "role", "authn_authority",
@@ -597,8 +623,8 @@ class MetaDataFile(InMemoryMetaData):
the SAML Metadata format.
"""
def __init__(self, onts, attrc, filename=None, cert=None, **kwargs):
super(MetaDataFile, self).__init__(onts, attrc, **kwargs)
def __init__(self, attrc, filename=None, cert=None, **kwargs):
super(MetaDataFile, self).__init__(attrc, **kwargs)
if not filename:
raise SAMLError('No file specified.')
self.filename = filename
@@ -618,9 +644,9 @@ class MetaDataLoader(MetaDataFile):
The format of the file is the SAML Metadata format.
"""
def __init__(self, onts, attrc, loader_callable, cert=None,
def __init__(self, attrc, loader_callable, cert=None,
security=None, **kwargs):
super(MetaDataLoader, self).__init__(onts, attrc, **kwargs)
super(MetaDataLoader, self).__init__(attrc, **kwargs)
self.metadata_provider_callable = self.get_metadata_loader(
loader_callable)
self.cert = cert
@@ -662,17 +688,16 @@ class MetaDataExtern(InMemoryMetaData):
Accessible but HTTP GET.
"""
def __init__(self, onts, attrc, url=None, security=None, cert=None,
def __init__(self, attrc, url=None, security=None, cert=None,
http=None, **kwargs):
"""
:params onts:
:params attrc:
:params url: Location of the metadata
:params security: SecurityContext()
:params cert: CertificMDloaderate used to sign the metadata
:params http:
"""
super(MetaDataExtern, self).__init__(onts, attrc, **kwargs)
super(MetaDataExtern, self).__init__(attrc, **kwargs)
if not url:
raise SAMLError('URL not specified.')
else:
@@ -704,8 +729,8 @@ class MetaDataMD(InMemoryMetaData):
of the Python representation of the metadata.
"""
def __init__(self, onts, attrc, filename, **kwargs):
super(MetaDataMD, self).__init__(onts, attrc, **kwargs)
def __init__(self, attrc, filename, **kwargs):
super(MetaDataMD, self).__init__(attrc, **kwargs)
self.filename = filename
def load(self):
@@ -771,18 +796,16 @@ class MetaDataMDX(InMemoryMetaData):
class MetadataStore(MetaData):
def __init__(self, onts, attrc, config, ca_certs=None,
def __init__(self, attrc, config, ca_certs=None,
check_validity=True,
disable_ssl_certificate_validation=False,
filter=None):
"""
:params onts:
:params attrc:
:params config: Config()
:params ca_certs:
:params disable_ssl_certificate_validation:
"""
self.onts = onts
self.attrc = attrc
if disable_ssl_certificate_validation:
@@ -810,18 +833,18 @@ class MetadataStore(MetaData):
files = [f for f in os.listdir(key) if isfile(join(key, f))]
for fil in files:
_fil = join(key, fil)
_md = MetaDataFile(self.onts, self.attrc, _fil, **_args)
_md = MetaDataFile(self.attrc, _fil, **_args)
_md.load()
self.metadata[_fil] = _md
return
else:
# else it's just a plain old file so read it
_md = MetaDataFile(self.onts, self.attrc, key, **_args)
_md = MetaDataFile(self.attrc, key, **_args)
elif typ == "inline":
self.ii += 1
key = self.ii
kwargs.update(_args)
_md = InMemoryMetaData(self.onts, self.attrc, args[0])
_md = InMemoryMetaData(self.attrc, args[0])
elif typ == "remote":
key = kwargs["url"]
for _key in ["node_name", "check_validity"]:
@@ -833,15 +856,15 @@ class MetadataStore(MetaData):
if "cert" not in kwargs:
kwargs["cert"] = ""
_md = MetaDataExtern(self.onts, self.attrc,
_md = MetaDataExtern(self.attrc,
kwargs["url"], self.security,
kwargs["cert"], self.http, **_args)
elif typ == "mdfile":
key = args[0]
_md = MetaDataMD(self.onts, self.attrc, args[0], **_args)
_md = MetaDataMD(self.attrc, args[0], **_args)
elif typ == "loader":
key = args[0]
_md = MetaDataLoader(self.onts, self.attrc, args[0], **_args)
_md = MetaDataLoader(self.attrc, args[0], **_args)
else:
raise SAMLError("Unknown metadata type '%s'" % typ)
_md.load()
@@ -891,7 +914,7 @@ class MetadataStore(MetaData):
isfile(join(key[0], f))]
for fil in files:
_fil = join(key[0], fil)
_md = MetaDataFile(self.onts, self.attrc, _fil)
_md = MetaDataFile(self.attrc, _fil)
_md.load()
self.metadata[_fil] = _md
if _md.to_old:
@@ -901,7 +924,7 @@ class MetadataStore(MetaData):
if len(key) == 2:
kwargs["cert"] = key[1]
_md = MDloader(self.onts, self.attrc, key[0], **kwargs)
_md = MDloader(self.attrc, key[0], **kwargs)
_md.load()
self.metadata[key[0]] = _md
if _md.to_old:
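Review bot: Removing the leading `onts` parameter from every constructor shifts all positional arguments, and a caller that still passes the module list first is not reliably rejected: `MetaDataFile(onts, attrc, filename)` now binds `attrc=onts, filename=attrc, cert=filename`, and `MetadataStore(onts, attrc, config)` puts `config` into `ca_certs`, both without a `TypeError`. Since `cert` is documented here as the certificate used to sign the metadata, a stale call site should fail loudly rather than run with the wrong verification inputs. The docstrings only lose their `:params onts:` line; at minimum add something like `:params attrc: attribute converters (first positional argument; the former leading onts argument was removed)` and call the break out in the release notes. A smaller point: `to_dict(entity_descr, metadata_modules())` rebuilds the module list through `load_extensions()` for every entity parsed, which could be computed once per load.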


@@ -7,39 +7,25 @@ import pymongo.uri_parser
import pymongo.errors
from saml2.eptid import Eptid
from saml2.mdstore import InMemoryMetaData
from saml2.mdstore import metadata_modules
from saml2.mdstore import load_metadata_modules
from saml2.s_utils import PolicyError
from saml2.ident import code_binary, IdentDB, Unknown
from saml2.mdie import to_dict, from_dict
from saml2.ident import code_binary
from saml2.ident import IdentDB
from saml2.ident import Unknown
from saml2.mdie import to_dict
from saml2.mdie import from_dict
from saml2 import md
from saml2 import saml
from saml2.extension import mdui
from saml2.extension import idpdisc
from saml2.extension import dri
from saml2.extension import mdattr
from saml2.extension import ui
from saml2 import xmldsig
from saml2 import xmlenc
import six
ONTS = {
saml.NAMESPACE: saml,
mdui.NAMESPACE: mdui,
mdattr.NAMESPACE: mdattr,
dri.NAMESPACE: dri,
ui.NAMESPACE: ui,
idpdisc.NAMESPACE: idpdisc,
md.NAMESPACE: md,
xmldsig.NAMESPACE: xmldsig,
xmlenc.NAMESPACE: xmlenc
}
__author__ = 'rolandh'
logger = logging.getLogger(__name__)
ONTS = load_metadata_modules()
MMODS = metadata_modules()
class CorruptDatabase(Exception):
pass
@@ -64,7 +50,7 @@ class SessionStorageMDB(object):
doc = {
"name_id_key": nkey,
"assertion_id": assertion.id,
"assertion": to_dict(assertion, ONTS.values(), True),
"assertion": to_dict(assertion, MMODS, True),
"to_sign": to_sign
}
@@ -151,7 +137,7 @@ class IdentMDB(IdentDB):
return _id
def store(self, ident, name_id):
self.mdb.store(ident, name_id=to_dict(name_id, ONTS.values(), True))
self.mdb.store(ident, name_id=to_dict(name_id, MMODS, True))
def find_nameid(self, userid, nformat=None, sp_name_qualifier=None,
name_qualifier=None, sp_provided_id=None, **kwargs):
@@ -172,13 +158,13 @@ class IdentMDB(IdentDB):
return res
def find_local_id(self, name_id):
cnid = to_dict(name_id, ONTS.values(), True)
cnid = to_dict(name_id, MMODS, True)
for item in self.mdb.get(name_id=cnid):
return item[self.mdb.primary_key]
return None
def remove_remote(self, name_id):
cnid = to_dict(name_id, ONTS.values(), True)
cnid = to_dict(name_id, MMODS, True)
self.mdb.remove(name_id=cnid)
def handle_name_id_mapping_request(self, name_id, name_id_policy):
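Review bot: `ONTS = load_metadata_modules()` and `MMODS = metadata_modules()` each go through `load_extensions()` at import time, so the extension set is built twice and the two globals agree only by convention. Deriving one from the other, `MMODS = list(ONTS.values())`, keeps them in step and halves the import-time work; this assumes `to_dict` does not depend on the order of the list, which is not visible here. A one-line comment on each constant (`ONTS`: namespace-to-module map, `MMODS`: plain module list passed to `to_dict`) would also help, since the names alone do not say why both exist.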


@@ -15,18 +15,6 @@ from saml2 import xmldsig
from saml2 import xmlenc
ONTS = {
saml.NAMESPACE: saml,
mdui.NAMESPACE: mdui,
mdattr.NAMESPACE: mdattr,
dri.NAMESPACE: dri,
ui.NAMESPACE: ui,
idpdisc.NAMESPACE: idpdisc,
md.NAMESPACE: md,
xmldsig.NAMESPACE: xmldsig,
xmlenc.NAMESPACE: xmlenc
}
__author__ = 'rolandh'
logger = logging.getLogger(__name__)


@@ -1,30 +1,10 @@
__author__ = 'rolandh'
from saml2 import md
from saml2.mdie import from_dict
from saml2.mdstore import load_metadata_modules
from saml2 import saml
from saml2.extension import mdui
from saml2.extension import idpdisc
from saml2.extension import dri
from saml2.extension import mdattr
from saml2.extension import ui
from saml2 import xmldsig
from saml2 import xmlenc
ONTS = {
saml.NAMESPACE: saml,
mdui.NAMESPACE: mdui,
mdattr.NAMESPACE: mdattr,
dri.NAMESPACE: dri,
ui.NAMESPACE: ui,
idpdisc.NAMESPACE: idpdisc,
md.NAMESPACE: md,
xmldsig.NAMESPACE: xmldsig,
xmlenc.NAMESPACE: xmlenc
}
__author__ = 'rolandh'
ONTS = load_metadata_modules()
def _eq(l1, l2):
return set(l1) == set(l2)


@@ -9,21 +9,16 @@ from saml2.mdstore import MetadataStore
from saml2.mdstore import MetaDataMDX
from saml2.mdstore import SAML_METADATA_CONTENT_TYPE
from saml2.mdstore import destinations
from saml2.mdstore import load_extensions
from saml2.mdstore import name
from saml2 import md
from saml2 import sigver
from saml2 import BINDING_SOAP
from saml2 import BINDING_HTTP_REDIRECT
from saml2 import BINDING_HTTP_POST
from saml2 import BINDING_HTTP_ARTIFACT
from saml2 import saml
from saml2 import config
from saml2.attribute_converter import ac_factory
from saml2.attribute_converter import d_to_local_name
from saml2.s_utils import UnknownPrincipal
from saml2 import xmldsig
from saml2 import xmlenc
from pathutils import full_path
import responses
@@ -86,14 +81,6 @@ TEST_METADATA_STRING = """
</EntitiesDescriptor>
""".format(cert_data=TEST_CERT)
ONTS = {
saml.NAMESPACE: saml,
md.NAMESPACE: md,
xmldsig.NAMESPACE: xmldsig,
xmlenc.NAMESPACE: xmlenc
}
ONTS.update(load_extensions())
ATTRCONV = ac_factory(full_path("attributemaps"))
@@ -167,7 +154,7 @@ def _fix_valid_until(xmlstring):
def test_swami_1():
UMU_IDP = 'https://idp.umu.se/saml2/idp/metadata.php'
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["1"])
@@ -200,7 +187,7 @@ def test_swami_1():
def test_incommon_1():
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["2"])
@@ -238,7 +225,7 @@ def test_incommon_1():
def test_ext_2():
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["3"])
@@ -251,7 +238,7 @@ def test_ext_2():
def test_example():
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["4"])
@@ -267,7 +254,7 @@ def test_example():
def test_switch_1():
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["5"])
@@ -296,7 +283,7 @@ def test_switch_1():
def test_metadata_file():
sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["8"])
@@ -339,7 +326,7 @@ def test_mdx_single_sign_on_service():
# sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
# http = HTTPBase(verify=False, ca_bundle=None)
#
# mdx = MetaDataMDX(quote_plus, ONTS.values(), ATTRCONV,
# mdx = MetaDataMDX(quote_plus, ATTRCONV,
# "http://pyff-test.nordu.net",
# sec_config, None, http)
# foo = mdx.service("https://idp.umu.se/saml2/idp/metadata.php",
@@ -353,7 +340,7 @@ def test_mdx_single_sign_on_service():
# sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
# http = HTTPBase(verify=False, ca_bundle=None)
#
# mdx = MetaDataMDX(quote_plus, ONTS.values(), ATTRCONV,
# mdx = MetaDataMDX(quote_plus, ATTRCONV,
# "http://pyff-test.nordu.net",
# sec_config, None, http)
# foo = mdx.certs("https://idp.umu.se/saml2/idp/metadata.php", "idpsso")
@@ -363,7 +350,7 @@ def test_mdx_single_sign_on_service():
def test_load_local_dir():
sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["9"])
@@ -374,7 +361,7 @@ def test_load_local_dir():
def test_load_extern_incommon():
sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["10"])
@@ -398,7 +385,7 @@ def test_load_local():
def test_load_string():
sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["11"])
@@ -415,7 +402,7 @@ def test_load_string():
def test_get_certs_from_metadata():
mds = MetadataStore(ONTS.values(), ATTRCONV, None)
mds = MetadataStore(ATTRCONV, None)
mds.imp(METADATACONF["11"])
certs1 = mds.certs("http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php", "any")
certs2 = mds.certs("http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php", "idpsso")
@@ -424,7 +411,7 @@ def test_get_certs_from_metadata():
def test_get_certs_from_metadata_without_keydescriptor():
mds = MetadataStore(ONTS.values(), ATTRCONV, None)
mds = MetadataStore(ATTRCONV, None)
mds.imp([{
"class": "saml2.mdstore.InMemoryMetaData",
"metadata": [("""
@@ -461,7 +448,7 @@ def test_get_certs_from_metadata_without_keydescriptor():
assert len(certs) == 0
def test_metadata_extension_algsupport():
mds = MetadataStore(list(ONTS.values()), ATTRCONV, None)
mds = MetadataStore(ATTRCONV, None)
mds.imp(METADATACONF["12"])
mdf = mds.metadata[full_path("uu.xml")]
assert mds
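Review bot: None of the updated tests pickles anything, so the property named in the commit title is not pinned, and a later attribute that holds a module or an open handle would break it unnoticed. A round trip in `test_metadata_extension_algsupport` would cover it: after `mdf = mds.metadata[full_path("uu.xml")]` add `mdf2 = pickle.loads(pickle.dumps(mdf))` and `assert mdf2.keys() == mdf.keys()` (with `import pickle` at the top); whether `attrc` and `security` survive pickling is not visible from here and is exactly what the test would show. Unpickling runs code by design, so whatever ends up storing these objects should be a location only the deployment itself can write to.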


@@ -84,18 +84,6 @@ TEST_METADATA_STRING = """
</EntitiesDescriptor>
"""
ONTS = {
saml.NAMESPACE: saml,
mdui.NAMESPACE: mdui,
mdattr.NAMESPACE: mdattr,
dri.NAMESPACE: dri,
ui.NAMESPACE: ui,
idpdisc.NAMESPACE: idpdisc,
md.NAMESPACE: md,
xmldsig.NAMESPACE: xmldsig,
xmlenc.NAMESPACE: xmlenc
}
ATTRCONV = ac_factory(full_path("attributemaps"))
METADATACONF = {
@@ -151,7 +139,7 @@ def _fix_valid_until(xmlstring):
def test_swami_1():
UMU_IDP = 'https://idp.umu.se/saml2/idp/metadata.php'
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["1"])
@@ -184,7 +172,7 @@ def test_swami_1():
def test_incommon_1():
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["2"])
@@ -222,7 +210,7 @@ def test_incommon_1():
def test_ext_2():
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["3"])
@@ -235,7 +223,7 @@ def test_ext_2():
def test_example():
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["4"])
@@ -251,7 +239,7 @@ def test_example():
def test_switch_1():
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["5"])
@@ -280,7 +268,7 @@ def test_switch_1():
def test_metadata_file():
sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["8"])
@@ -292,7 +280,7 @@ def test_metadata_file():
# sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
# http = HTTPBase(verify=False, ca_bundle=None)
#
# mdx = MetaDataMDX(quote_plus, ONTS.values(), ATTRCONV,
# mdx = MetaDataMDX(quote_plus, ATTRCONV,
# "http://pyff-test.nordu.net",
# sec_config, None, http)
# foo = mdx.service("https://idp.umu.se/saml2/idp/metadata.php",
@@ -306,7 +294,7 @@ def test_metadata_file():
# sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
# http = HTTPBase(verify=False, ca_bundle=None)
#
# mdx = MetaDataMDX(quote_plus, ONTS.values(), ATTRCONV,
# mdx = MetaDataMDX(quote_plus, ATTRCONV,
# "http://pyff-test.nordu.net",
# sec_config, None, http)
# foo = mdx.certs("https://idp.umu.se/saml2/idp/metadata.php", "idpsso")
@@ -316,7 +304,7 @@ def test_metadata_file():
def test_load_local_dir():
sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["9"])
@@ -327,7 +315,7 @@ def test_load_local_dir():
def test_load_external():
sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["10"])
@@ -338,7 +326,7 @@ def test_load_external():
def test_load_string():
sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp(METADATACONF["11"])


@@ -15,17 +15,6 @@ from saml2.server import Server
from saml2 import xmldsig
from saml2 import xmlenc
ONTS = {
saml.NAMESPACE: saml,
mdui.NAMESPACE: mdui,
mdattr.NAMESPACE: mdattr,
dri.NAMESPACE: dri,
ui.NAMESPACE: ui,
idpdisc.NAMESPACE: idpdisc,
md.NAMESPACE: md,
xmldsig.NAMESPACE: xmldsig,
xmlenc.NAMESPACE: xmlenc
}
ATTRCONV = ac_factory(full_path("attributemaps"))
sec_config = config.Config()
@@ -33,7 +22,7 @@ sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"])
__author__ = 'rolandh'
MDS = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
MDS = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
MDS.imp([{"class": "saml2.mdstore.MetaDataMD",
"metadata": [(full_path("swamid.md"),)]}])
@@ -90,7 +79,7 @@ def test_filter_ava3():
}
})
mds = MetadataStore(list(ONTS.values()), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp([{"class": "saml2.mdstore.MetaDataFile",
"metadata": [(full_path("entity_cat_sfs_hei.xml"),)]}])
@@ -114,7 +103,7 @@ def test_filter_ava4():
}
})
mds = MetadataStore(list(ONTS.values()), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp([{"class": "saml2.mdstore.MetaDataFile",
"metadata": [(full_path("entity_cat_re_nren.xml"),)]}])
@@ -140,7 +129,7 @@ def test_filter_ava5():
}
})
mds = MetadataStore(list(ONTS.values()), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True)
mds.imp([{"class": "saml2.mdstore.MetaDataFile",
"metadata": [(full_path("entity_cat_re.xml"),)]}])


@@ -19,17 +19,6 @@ __author__ = 'roland'
sec_config = config.Config()
ONTS = {
saml.NAMESPACE: saml,
mdui.NAMESPACE: mdui,
mdattr.NAMESPACE: mdattr,
dri.NAMESPACE: dri,
ui.NAMESPACE: ui,
idpdisc.NAMESPACE: idpdisc,
md.NAMESPACE: md,
xmldsig.NAMESPACE: xmldsig,
xmlenc.NAMESPACE: xmlenc
}
ATTRCONV = ac_factory(full_path("attributemaps"))
@@ -41,7 +30,7 @@ METADATACONF = {
}
def test_swamid_sp():
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True,
filter=AllowDescriptor(["spsso"]))
@@ -52,7 +41,7 @@ def test_swamid_sp():
assert idps == {}
def test_swamid_idp():
mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config,
mds = MetadataStore(ATTRCONV, sec_config,
disable_ssl_certificate_validation=True,
filter=AllowDescriptor(["idpsso"]))


@@ -1,8 +1,5 @@
# -*- coding: utf-8 -*-
from pymongo.errors import ConnectionFailure
__author__ = 'rolandh'
from saml2.attribute_converter import d_to_local_name
from saml2.attribute_converter import ac_factory
from saml2.mongo_store import export_mdstore_to_mongo_db
@@ -10,32 +7,11 @@ from saml2.mongo_store import MetadataMDB
from saml2.mdstore import MetadataStore
from saml2.mdstore import destinations
from saml2.mdstore import name
from saml2 import saml
from saml2 import md
from saml2 import config
from saml2.extension import mdui
from saml2.extension import idpdisc
from saml2.extension import dri
from saml2.extension import mdattr
from saml2.extension import ui
from saml2 import xmldsig
from saml2 import xmlenc
from pathutils import full_path
ONTS = {
saml.NAMESPACE: saml,
mdui.NAMESPACE: mdui,
mdattr.NAMESPACE: mdattr,
dri.NAMESPACE: dri,
ui.NAMESPACE: ui,
idpdisc.NAMESPACE: idpdisc,
md.NAMESPACE: md,
xmldsig.NAMESPACE: xmldsig,
xmlenc.NAMESPACE: xmlenc
}
__author__ = 'rolandh'
ATTRCONV = ac_factory(full_path("attributemaps"))
@@ -47,13 +23,14 @@ def _eq(l1, l2):
def test_metadata():
conf = config.Config()
conf.load_file("idp_conf_mdb")
UMU_IDP = 'https://idp.umu.se/saml2/idp/metadata.php'
umu_idp = 'https://idp.umu.se/saml2/idp/metadata.php'
# Set up a Metadata store
mds = MetadataStore(ONTS.values(), ATTRCONV, conf,
mds = MetadataStore(ATTRCONV, conf,
disable_ssl_certificate_validation=True)
# Import metadata from local file.
mds.imp([{"class": "saml2.mdstore.MetaDataFile", "metadata": [(full_path("swamid-2.0.xml"), )]}])
mds.imp([{"class": "saml2.mdstore.MetaDataFile",
"metadata": [(full_path("swamid-2.0.xml"), )]}])
assert len(mds) == 1 # One source
try:
@@ -61,20 +38,20 @@ def test_metadata():
except ConnectionFailure:
pass
else:
mdmdb = MetadataMDB(ONTS, ATTRCONV, "metadata", "test")
mdmdb = MetadataMDB(ATTRCONV, "metadata", "test")
# replace all metadata instances with this one
mds.metadata = {"mongo_db": mdmdb}
idps = mds.with_descriptor("idpsso")
assert idps.keys()
idpsso = mds.single_sign_on_service(UMU_IDP)
idpsso = mds.single_sign_on_service(umu_idp)
assert len(idpsso) == 1
assert destinations(idpsso) == [
'https://idp.umu.se/saml2/idp/SSOService.php']
_name = name(mds[UMU_IDP])
_name = name(mds[umu_idp])
assert _name == u'Ume\xe5 University'
certs = mds.certs(UMU_IDP, "idpsso", "signing")
certs = mds.certs(umu_idp, "idpsso", "signing")
assert len(certs) == 1
sps = mds.with_descriptor("spsso")
@@ -83,8 +60,9 @@ def test_metadata():
wants = mds.attribute_requirement('https://connect.sunet.se/shibboleth')
assert wants["optional"] == []
lnamn = [d_to_local_name(mds.attrc, attr) for attr in wants["required"]]
assert _eq(lnamn, ['eduPersonPrincipalName', 'mail', 'givenName', 'sn',
'eduPersonScopedAffiliation', 'eduPersonAffiliation'])
assert _eq(lnamn,
['eduPersonPrincipalName', 'mail', 'givenName', 'sn',
'eduPersonScopedAffiliation', 'eduPersonAffiliation'])
wants = mds.attribute_requirement(
"https://gidp.geant.net/sp/module.php/saml/sp/metadata.php/default-sp")
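Review bot: The call `MetadataMDB(ATTRCONV, "metadata", "test")` assumes that constructor lost its leading argument as well, but no hunk on this page touches `MetadataMDB.__init__`; if it still takes the module map first, `ATTRCONV` lands in that slot and `"metadata"` becomes `attrc`. The mismatch would be easy to miss because this branch only runs when the MongoDB connection succeeds, and `except ConnectionFailure: pass` lets the test pass otherwise. Confirm the class signature was updated, and consider making the skip explicit, e.g. `except ConnectionFailure: pytest.skip("MongoDB not reachable")`, so a run without a database is not reported as covering this path. `test_metadata` continues past the end of the last hunk.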


@@ -20,16 +20,6 @@ A script that imports and verifies metadata and then dumps it in a basic
dictionary format.
"""
ONTS = {
saml.NAMESPACE: saml,
md.NAMESPACE: md,
xmldsig.NAMESPACE: xmldsig,
xmlenc.NAMESPACE: xmlenc,
}
ONTS.update(load_extensions())
parser = argparse.ArgumentParser()
parser.add_argument('-t', dest='type')
parser.add_argument('-u', dest='url')
@@ -44,14 +34,13 @@ args = parser.parse_args()
metad = None
if args.type == "local":
metad = MetaDataFile(ONTS.values(), args.item, args.item)
metad = MetaDataFile(args.item, args.item)
elif args.type == "external":
ATTRCONV = ac_factory(args.attrsmap)
httpc = HTTPBase()
crypto = _get_xmlsec_cryptobackend(args.xmlsec)
sc = SecurityContext(crypto)
metad = MetaDataExtern(ONTS.values(), ATTRCONV, args.url,
sc, cert=args.cert, http=httpc)
metad = MetaDataExtern(ATTRCONV, args.url, sc, cert=args.cert, http=httpc)
if metad is not None:
metad.load()
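Review bot: In the `local` branch, `MetaDataFile(args.item, args.item)` hands the file path to `attrc`, the slot the `external` branch fills with `ac_factory(args.attrsmap)`; the old call already did this, but with `onts` gone the path is now the first thing the constructor receives. Building the converter in both branches, `metad = MetaDataFile(ac_factory(args.attrsmap), args.item)`, would match how the library itself calls it, assuming `-a`/`attrsmap` is available in local mode. The same pattern is repeated in the two later scripts (`MetaDataFile(spec[1], spec[1], **kwargs)` and `MetaDataFile(args.item, args.item, ...)`), which would need the same change.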


@@ -22,19 +22,6 @@ dictionary format.
"""
ONTS = {
saml.NAMESPACE: saml,
mdui.NAMESPACE: mdui,
mdattr.NAMESPACE: mdattr,
dri.NAMESPACE: dri,
ui.NAMESPACE: ui,
idpdisc.NAMESPACE: idpdisc,
md.NAMESPACE: md,
xmldsig.NAMESPACE: xmldsig,
xmlenc.NAMESPACE: xmlenc,
shibmd.NAMESPACE: shibmd
}
MDIMPORT = {
"swamid": {
"url": "https://kalmar2.org/simplesaml/module.php/aggregator/?id=kalmarcentral2&set=saml2",
@@ -58,10 +45,10 @@ def main():
metad = None
if item["type"] == "local":
metad = MetaDataFile(sys.argv[1], ONTS.values(), item["file"])
metad = MetaDataFile(sys.argv[1], item["file"])
elif item["type"] == "external":
metad = MetaDataExtern(sys.argv[1], ONTS.values(),
item["url"], "/opt/local/bin/xmlsec1", item["cert"])
metad = MetaDataExtern(sys.argv[1], item["url"],
"/opt/local/bin/xmlsec1", item["cert"])
if metad:
metad.load()
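Review bot: `MetaDataExtern(sys.argv[1], item["url"], "/opt/local/bin/xmlsec1", item["cert"])` passes the xmlsec path string in the `security` position, which the constructor docstring in this commit describes as a `SecurityContext()`. The other scripts build that object with `SecurityContext(_get_xmlsec_cryptobackend(path))`; doing the same here, `sc = SecurityContext(_get_xmlsec_cryptobackend("/opt/local/bin/xmlsec1"))` and then passing `sc` (with the matching import), is presumably what is needed for the downloaded metadata's signature to be checked against `item["cert"]`. `sys.argv[1]` as `attrc`, here and in `MetaDataFile(sys.argv[1], item["file"])`, looks equally stale. `main()` starts and ends outside the hunk.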


@@ -1,36 +1,13 @@
#!/usr/bin/env python
import sys
import time
from saml2.attribute_converter import ac_factory
from saml2.mdstore import MetaDataMD, MetaDataFile
__author__ = 'rolandh'
from saml2 import xmldsig
from saml2 import xmlenc
from saml2 import md
from saml2 import saml
from saml2.extension import dri
from saml2.extension import idpdisc
from saml2.extension import mdattr
from saml2.extension import mdui
from saml2.extension import ui
ONTS = {
dri.NAMESPACE: dri,
idpdisc.NAMESPACE: idpdisc,
md.NAMESPACE: md,
mdattr.NAMESPACE: mdattr,
mdui.NAMESPACE: mdui,
saml.NAMESPACE: saml,
ui.NAMESPACE: ui,
xmlenc.NAMESPACE: xmlenc,
xmldsig.NAMESPACE: xmldsig,
}
start = time.time()
for i in range(1, 10):
mdmd = MetaDataMD(ONTS, ac_factory("../tests/attributemaps"), "swamid2.md")
mdmd = MetaDataMD(ac_factory("../tests/attributemaps"), "swamid2.md")
mdmd.load()
_ = mdmd.keys()
@@ -39,7 +16,7 @@ print(time.time() - start)
start = time.time()
for i in range(1, 10):
mdf = MetaDataFile(ONTS.values(), ac_factory("../tests/attributemaps"),
mdf = MetaDataFile(ac_factory("../tests/attributemaps"),
"../tests/swamid-2.0.xml")
mdf.load()
_ = mdf.keys()


@@ -1,20 +1,7 @@
#!/usr/bin/env python
from saml2.sigver import _get_xmlsec_cryptobackend, SecurityContext
from saml2.httpbase import HTTPBase
from saml2 import saml
from saml2 import md
from saml2.attribute_converter import ac_factory
from saml2.extension import dri
from saml2.extension import idpdisc
from saml2.extension import mdattr
from saml2.extension import mdrpi
from saml2.extension import mdui
from saml2.extension import shibmd
from saml2.extension import ui
from saml2 import xmldsig
from saml2 import xmlenc
import argparse
from saml2.mdstore import MetaDataFile, MetaDataExtern, MetadataStore
@@ -25,22 +12,6 @@ __author__ = 'rolandh'
A script that imports and verifies metadata.
"""
ONTS = {
saml.NAMESPACE: saml,
mdui.NAMESPACE: mdui,
mdattr.NAMESPACE: mdattr,
mdrpi.NAMESPACE: mdrpi,
dri.NAMESPACE: dri,
ui.NAMESPACE: ui,
idpdisc.NAMESPACE: idpdisc,
md.NAMESPACE: md,
xmldsig.NAMESPACE: xmldsig,
xmlenc.NAMESPACE: xmlenc,
shibmd.NAMESPACE: shibmd
}
parser = argparse.ArgumentParser()
parser.add_argument('-a', dest='attrsmap')
parser.add_argument('-o', dest='output', default="local")
@@ -65,7 +36,7 @@ metad = None
ATTRCONV = ac_factory(args.attrsmap)
mds = MetadataStore(ONTS.values(), None, None)
mds = MetadataStore(None, None)
for line in open(args.conf).readlines():
line = line.strip()
@@ -81,14 +52,14 @@ for line in open(args.conf).readlines():
kwargs = {}
if spec[0] == "local":
metad = MetaDataFile(ONTS.values(), spec[1], spec[1], **kwargs)
metad = MetaDataFile(spec[1], spec[1], **kwargs)
elif spec[0] == "remote":
ATTRCONV = ac_factory(args.attrsmap)
httpc = HTTPBase()
crypto = _get_xmlsec_cryptobackend(args.xmlsec)
sc = SecurityContext(crypto, key_type="", cert_type="")
metad = MetaDataExtern(ONTS.values(), ATTRCONV, spec[1],
sc, cert=spec[2], http=httpc, **kwargs)
metad = MetaDataExtern(ATTRCONV, spec[1], sc, cert=spec[2], http=httpc,
**kwargs)
if metad is not None:
try:


@@ -30,21 +30,6 @@ A script that imports and verifies metadata.
"""
ONTS = {
saml.NAMESPACE: saml,
mdui.NAMESPACE: mdui,
mdattr.NAMESPACE: mdattr,
mdrpi.NAMESPACE: mdrpi,
dri.NAMESPACE: dri,
ui.NAMESPACE: ui,
idpdisc.NAMESPACE: idpdisc,
md.NAMESPACE: md,
xmldsig.NAMESPACE: xmldsig,
xmlenc.NAMESPACE: xmlenc,
shibmd.NAMESPACE: shibmd
}
parser = argparse.ArgumentParser()
parser.add_argument('-t', dest='type')
parser.add_argument('-u', dest='url')
@@ -68,17 +53,17 @@ if args.type == "local":
if args.cert and args.xmlsec:
crypto = _get_xmlsec_cryptobackend(args.xmlsec)
sc = SecurityContext(crypto)
metad = MetaDataFile(ONTS.values(), args.item, args.item,
cert=args.cert, security=sc, **kwargs)
metad = MetaDataFile(args.item, args.item, cert=args.cert, security=sc,
**kwargs)
else:
metad = MetaDataFile(ONTS.values(), args.item, args.item, **kwargs)
metad = MetaDataFile(args.item, args.item, **kwargs)
elif args.type == "external":
ATTRCONV = ac_factory(args.attrsmap)
httpc = HTTPBase()
crypto = _get_xmlsec_cryptobackend(args.xmlsec)
sc = SecurityContext(crypto)
metad = MetaDataExtern(ONTS.values(), ATTRCONV, args.url,
sc, cert=args.cert, http=httpc, **kwargs)
metad = MetaDataExtern(ATTRCONV, args.url, sc, cert=args.cert, http=httpc,
**kwargs)
if metad:
try: