openstack/deb-python-pysaml2
Code Issues Proposed changes

When producing metadata you might want to produce just an entitydescriptor and not an entitiesdescriptor

Browse Source
This commit is contained in:
Roland Hedberg
2011-04-18 22:07:26 +02:00
parent 29cbad8411
commit 8dcc324fa8
4 changed files with 54 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/saml2/metadata.py
View File

@@ -986,3 +986,15 @@ def entities_descriptor(eds, valid_for, name, ident, sign, secc):
class_name(entities))
entities = md.entities_descriptor_from_string(xmldoc)
return entities
def sign_entity_descriptor(edesc, valid_for, ident, secc):
if valid_for:
edesc.valid_until = in_a_while(hours=valid_for)
if not ident:
ident = sid()
edesc.signature = pre_signature_part(ident, secc.my_cert, 1)
edesc.id = ident
xmldoc = secc.sign_statement_using_xmlsec("%s" % edesc, class_name(edesc))
return md.entity_descriptor_from_string(xmldoc)

11
src/saml2/sigver.py
View File

@@ -484,11 +484,12 @@ class SecurityContext(object):
except AttributeError:
issuer = None
certs = []
# if self.metadata:
# certs = self.metadata.certs(issuer, "signing")
# else:
# More trust in certs from metadata then certs in the XML document
if self.metadata:
certs = self.metadata.certs(issuer, "signing")
else:
certs = []
if not certs:
#print "==== Certs from instance ===="
certs = [make_temp(pem_format(cert), ".pem", False) \

14
tests/test_30_metadata.py
View File

@@ -425,7 +425,13 @@ def test_attributes():
assert ra[0].name == 'urn:oid:2.5.4.4'
# TODO
#def test_extend():
# md = metadata.MetaData(attrconv=ATTRCONV)
# md.import_metadata(_fix_valid_until(_read_file("extended.xml")), "-")
def test_extend():
md = metadata.MetaData(attrconv=ATTRCONV)
md.import_metadata(_fix_valid_until(_read_file("extended.xml")), "-")
signcerts = md.certs("https://coip-test.sunet.se/shibboleth", "signing")
assert len(signcerts) == 1
enccerts = md.certs("https://coip-test.sunet.se/shibboleth", "encryption")
assert len(enccerts) == 1
assert signcerts[0] == enccerts[0]

32
tools/make_metadata.py
View File

@@ -4,7 +4,9 @@ import getopt
import sys
from saml2.metadata import entity_descriptor, entities_descriptor
from saml2.metadata import sign_entity_descriptor
from saml2.sigver import SecurityContext
from saml2.sigver import get_xmlsec_binary
from saml2.validate import valid_instance
from saml2.config import Config
@@ -29,9 +31,9 @@ class Usage(Exception):
def main(args):
try:
opts, args = getopt.getopt(args, "c:hi:k:sv:x:",
opts, args = getopt.getopt(args, "c:ehi:k:p:sv:x:",
["help", "name", "id", "keyfile", "sign",
"valid", "xmlsec"])
"valid", "xmlsec", "entityid", "path"])
except getopt.GetoptError, err:
# print help information and exit:
raise Usage(err) # will print something like "option -a not recognized"
@@ -45,6 +47,8 @@ def main(args):
xmlsec = ""
keyfile = ""
pubkeyfile = ""
entitiesid = True
path = []
try:
for o, a in opts:
@@ -64,6 +68,10 @@ def main(args):
keyfile = a
elif o in ("-c", "--certfile"):
pubkeyfile = a
elif o in ("-e", "--entityid"):
entitiesid = False
elif o in ("-p", "--path"):
path = [x.strip() for x in a.split(":")]
else:
assert False, "unhandled option %s" % o
except Usage, err:
@@ -71,6 +79,9 @@ def main(args):
print >> sys.stderr, "\t for help use --help"
return 2
if not xmlsec:
xmlsec = get_xmlsec_binary(path)
eds = []
for filespec in args:
bas, fil = os.path.split(filespec)
@@ -82,10 +93,19 @@ def main(args):
eds.append(entity_descriptor(cnf, valid_for))
secc = SecurityContext(xmlsec, keyfile, cert_file=pubkeyfile)
desc = entities_descriptor(eds, valid_for, name, id, sign, secc)
valid_instance(desc)
print desc
if entitiesid:
desc = entities_descriptor(eds, valid_for, name, id, sign, secc)
valid_instance(desc)
print desc
else:
for eid in eds:
if sign:
desc = sign_entity_descriptor(eid, valid_for, id, secc)
else:
desc = eid
valid_instance(desc)
print desc
if __name__ == "__main__":
import sys