When producing metadata you might want to produce just an EntityDescriptor and not an EntitiesDescriptor.
@@ -986,3 +986,15 @@ def entities_descriptor(eds, valid_for, name, ident, sign, secc):
|
|||||||
class_name(entities))
|
class_name(entities))
|
||||||
entities = md.entities_descriptor_from_string(xmldoc)
|
entities = md.entities_descriptor_from_string(xmldoc)
|
||||||
return entities
|
return entities
|
||||||
|
|
||||||
|
def sign_entity_descriptor(edesc, valid_for, ident, secc):
|
||||||
|
if valid_for:
|
||||||
|
edesc.valid_until = in_a_while(hours=valid_for)
|
||||||
|
|
||||||
|
if not ident:
|
||||||
|
ident = sid()
|
||||||
|
|
||||||
|
edesc.signature = pre_signature_part(ident, secc.my_cert, 1)
|
||||||
|
edesc.id = ident
|
||||||
|
xmldoc = secc.sign_statement_using_xmlsec("%s" % edesc, class_name(edesc))
|
||||||
|
return md.entity_descriptor_from_string(xmldoc)
|
||||||
|
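Review bot: `sign_entity_descriptor` mutates the `edesc` it is given (`valid_until`, `signature` and `id` are assigned on the argument) and then returns a different object re-parsed from the signed XML, and nothing documents that the caller's object is left holding the unsigned pre-signature placeholder. A caller-supplied `ident` is used verbatim as the signed element's ID, and the `make_metadata` loop in this commit passes the same `id` for every descriptor, so with `-i` set several signed documents share one ID; generating `sid()` per descriptor, or documenting the restriction, would avoid that. When `valid_for` is falsy no `validUntil` is written, so the signed metadata carries no expiry. I would add a docstring stating the in-place mutation, that `valid_for` is in hours and optional, that `ident` is the element ID and signature reference with `sid()` used when empty, and that the return value is the re-parsed signed descriptor.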
|||||||
@@ -484,11 +484,12 @@ class SecurityContext(object):
|
|||||||
except AttributeError:
|
except AttributeError:
|
||||||
issuer = None
|
issuer = None
|
||||||
|
|
||||||
certs = []
|
# More trust in certs from metadata then certs in the XML document
|
||||||
# if self.metadata:
|
if self.metadata:
|
||||||
# certs = self.metadata.certs(issuer, "signing")
|
certs = self.metadata.certs(issuer, "signing")
|
||||||
# else:
|
else:
|
||||||
|
certs = []
|
||||||
|
|
||||||
if not certs:
|
if not certs:
|
||||||
#print "==== Certs from instance ===="
|
#print "==== Certs from instance ===="
|
||||||
certs = [make_temp(pem_format(cert), ".pem", False) \
|
certs = [make_temp(pem_format(cert), ".pem", False) \
|
||||||
|
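Review bot: Enabling the metadata lookup does not change the `if not certs:` fallback below it, which still takes signing certs from the XML document itself whenever metadata has no signing cert for `issuer` (including the `issuer = None` case from the `except AttributeError` above), so a signer absent from metadata can presumably still pass with a cert it embedded in the message. If `self.metadata` is configured, an empty result should be a hard failure rather than a downgrade, e.g. `if self.metadata and not certs:` followed by raising an error naming `issuer`, instead of falling through to the instance certs; hedged because the verification that consumes `certs` is outside the hunk. The new comment should read "than", not "then". The enclosing method starts and ends outside this hunk.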
|||||||
@@ -425,7 +425,13 @@ def test_attributes():
|
|||||||
assert ra[0].name == 'urn:oid:2.5.4.4'
|
assert ra[0].name == 'urn:oid:2.5.4.4'
|
||||||
|
|
||||||
|
|
||||||
# TODO
|
def test_extend():
|
||||||
#def test_extend():
|
md = metadata.MetaData(attrconv=ATTRCONV)
|
||||||
# md = metadata.MetaData(attrconv=ATTRCONV)
|
md.import_metadata(_fix_valid_until(_read_file("extended.xml")), "-")
|
||||||
# md.import_metadata(_fix_valid_until(_read_file("extended.xml")), "-")
|
|
||||||
|
signcerts = md.certs("https://coip-test.sunet.se/shibboleth", "signing")
|
||||||
|
assert len(signcerts) == 1
|
||||||
|
enccerts = md.certs("https://coip-test.sunet.se/shibboleth", "encryption")
|
||||||
|
assert len(enccerts) == 1
|
||||||
|
assert signcerts[0] == enccerts[0]
|
||||||
|
|
||||||
@@ -4,7 +4,9 @@ import getopt
|
|||||||
import sys
|
import sys
|
||||||
|
|
||||||
from saml2.metadata import entity_descriptor, entities_descriptor
|
from saml2.metadata import entity_descriptor, entities_descriptor
|
||||||
|
from saml2.metadata import sign_entity_descriptor
|
||||||
from saml2.sigver import SecurityContext
|
from saml2.sigver import SecurityContext
|
||||||
|
from saml2.sigver import get_xmlsec_binary
|
||||||
from saml2.validate import valid_instance
|
from saml2.validate import valid_instance
|
||||||
from saml2.config import Config
|
from saml2.config import Config
|
||||||
|
|
||||||
@@ -29,9 +31,9 @@ class Usage(Exception):
|
|||||||
|
|
||||||
def main(args):
|
def main(args):
|
||||||
try:
|
try:
|
||||||
opts, args = getopt.getopt(args, "c:hi:k:sv:x:",
|
opts, args = getopt.getopt(args, "c:ehi:k:p:sv:x:",
|
||||||
["help", "name", "id", "keyfile", "sign",
|
["help", "name", "id", "keyfile", "sign",
|
||||||
"valid", "xmlsec"])
|
"valid", "xmlsec", "entityid", "path"])
|
||||||
except getopt.GetoptError, err:
|
except getopt.GetoptError, err:
|
||||||
# print help information and exit:
|
# print help information and exit:
|
||||||
raise Usage(err) # will print something like "option -a not recognized"
|
raise Usage(err) # will print something like "option -a not recognized"
|
||||||
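Review bot: The new long option `"path"` has no trailing `=`, so `getopt` treats `--path` as valueless: `--path=/x` is rejected and `--path /x` leaves `a` empty while `/x` becomes a positional file argument, even though the short form is declared as `p:` and the handler in the next hunk splits `a` on ":". The entry should be `"valid", "xmlsec", "entityid", "path="])`. The same mismatch already exists for the pre-existing `name`, `id`, `keyfile`, `valid` and `xmlsec` entries, which also lack `=`.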
@@ -45,6 +47,8 @@ def main(args):
|
|||||||
xmlsec = ""
|
xmlsec = ""
|
||||||
keyfile = ""
|
keyfile = ""
|
||||||
pubkeyfile = ""
|
pubkeyfile = ""
|
||||||
|
entitiesid = True
|
||||||
|
path = []
|
||||||
|
|
||||||
try:
|
try:
|
||||||
for o, a in opts:
|
for o, a in opts:
|
||||||
@@ -64,6 +68,10 @@ def main(args):
|
|||||||
keyfile = a
|
keyfile = a
|
||||||
elif o in ("-c", "--certfile"):
|
elif o in ("-c", "--certfile"):
|
||||||
pubkeyfile = a
|
pubkeyfile = a
|
||||||
|
elif o in ("-e", "--entityid"):
|
||||||
|
entitiesid = False
|
||||||
|
elif o in ("-p", "--path"):
|
||||||
|
path = [x.strip() for x in a.split(":")]
|
||||||
else:
|
else:
|
||||||
assert False, "unhandled option %s" % o
|
assert False, "unhandled option %s" % o
|
||||||
except Usage, err:
|
except Usage, err:
|
||||||
@@ -71,6 +79,9 @@ def main(args):
|
|||||||
print >> sys.stderr, "\t for help use --help"
|
print >> sys.stderr, "\t for help use --help"
|
||||||
return 2
|
return 2
|
||||||
|
|
||||||
|
if not xmlsec:
|
||||||
|
xmlsec = get_xmlsec_binary(path)
|
||||||
|
|
||||||
eds = []
|
eds = []
|
||||||
for filespec in args:
|
for filespec in args:
|
||||||
bas, fil = os.path.split(filespec)
|
bas, fil = os.path.split(filespec)
|
||||||
@@ -82,10 +93,19 @@ def main(args):
|
|||||||
eds.append(entity_descriptor(cnf, valid_for))
|
eds.append(entity_descriptor(cnf, valid_for))
|
||||||
|
|
||||||
secc = SecurityContext(xmlsec, keyfile, cert_file=pubkeyfile)
|
secc = SecurityContext(xmlsec, keyfile, cert_file=pubkeyfile)
|
||||||
desc = entities_descriptor(eds, valid_for, name, id, sign, secc)
|
if entitiesid:
|
||||||
valid_instance(desc)
|
desc = entities_descriptor(eds, valid_for, name, id, sign, secc)
|
||||||
print desc
|
valid_instance(desc)
|
||||||
|
print desc
|
||||||
|
else:
|
||||||
|
for eid in eds:
|
||||||
|
if sign:
|
||||||
|
desc = sign_entity_descriptor(eid, valid_for, id, secc)
|
||||||
|
else:
|
||||||
|
desc = eid
|
||||||
|
valid_instance(desc)
|
||||||
|
print desc
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
|
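Review bot: In the new `else` branch each descriptor is printed to stdout in turn, so with more than one config file on the command line the output is several XML documents concatenated, not one parseable document; either document that `-e` expects a single config file or write each descriptor to its own output. The loop also passes the same `id` to `sign_entity_descriptor` for every descriptor, so with `-i` given all signed descriptors share an element ID. I would add a comment above the loop: `# -e: emit one EntityDescriptor per config; several configs produce several documents on stdout`.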
|||||||