openstack
/
deb-python-pysaml2
Code Issues Proposed changes

Added algsupport

This commit is contained in:
Roland Hedberg 2015-11-19 14:39:05 +01:00
parent 048797c99c
commit 98d89d6859
4 changed files with 101 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
src/saml2/algsupport.py Normal file
View File

@ -0,0 +1,76 @@
from subprocess import Popen, PIPE
from saml2.sigver import get_xmlsec_binary
from saml2.extension.algsupport import SigningMethod
from saml2.extension.algsupport import DigestMethod
__author__ = 'roland'
DIGEST_METHODS = {
"hmac-md5": 'http://www.w3.org/2001/04/xmldsig-more#md5', # test framework only!
"hmac-sha1": 'http://www.w3.org/2000/09/xmldsig#sha1',
"hmac-sha224": 'http://www.w3.org/2001/04/xmldsig-more#sha224',
"hmac-sha256": 'http://www.w3.org/2001/04/xmlenc#sha256',
"hmac-sha384": 'http://www.w3.org/2001/04/xmldsig-more#sha384',
"hmac-sha512": 'http://www.w3.org/2001/04/xmlenc#sha512',
"hmac-ripemd160": 'http://www.w3.org/2001/04/xmlenc#ripemd160'
}
SIGNING_METHODS = {
"rsa-md5": 'http://www.w3.org/2001/04/xmldsig-more#rsa-md5',
"rsa-ripemd160": 'http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160',
"rsa-sha1": 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
"rsa-sha224": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha224',
"rsa-sha256": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
"rsa-sha384": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384',
"rsa-sha512": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
"dsa-sha1": 'http,//www.w3.org/2000/09/xmldsig#dsa-sha1',
'dsa-sha256': 'http://www.w3.org/2009/xmldsig11#dsa-sha256',
'ecdsa_sha1': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha1',
'ecdsa_sha224': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha224',
'ecdsa_sha256': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha256',
'ecdsa_sha384': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha384',
'ecdsa_sha512': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha512',
}
def get_algorithm_support(xmlsec):
com_list = [xmlsec, '--list-transforms']
pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
p_out = pof.stdout.read().decode('utf-8')
p_err = pof.stderr.read().decode('utf-8')
if not p_err:
p = p_out.split('\n')
algs = [x.strip('"') for x in p[1].split(',')]
digest = []
signing = []
for alg in algs:
if alg in DIGEST_METHODS:
digest.append(alg)
elif alg in SIGNING_METHODS:
signing.append(alg)
return {"digest": digest, "signing": signing}
raise SystemError(p_err)
def algorithm_support_in_metadata(xmlsec):
if xmlsec is None:
return []
support = get_algorithm_support(xmlsec)
element_list = []
for alg in support["digest"]:
element_list.append(DigestMethod(algorithm=DIGEST_METHODS[alg]))
for alg in support["signing"]:
element_list.append(SigningMethod(algorithm=SIGNING_METHODS[alg]))
return element_list
if __name__ == '__main__':
xmlsec = get_xmlsec_binary()
res = get_algorithm_support(xmlsec)
print(res)
for a in algorithm_support_in_metadata(xmlsec):
print(a)

39
tests/server2_conf.py
View File

@ -1,46 +1,47 @@
from pathutils import full_path
CONFIG = {
"entityid" : "urn:mace:example.com:saml:roland:sp",
"name" : "urn:mace:example.com:saml:roland:sp",
"entityid": "urn:mace:example.com:saml:roland:sp",
"name": "urn:mace:example.com:saml:roland:sp",
"description": "My own SP",
"service": {
"sp": {
"endpoints":{
"assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
"endpoints": {
"assertion_consumer_service": [
"http://lingon.catalogix.se:8087/"],
},
"required_attributes": ["surName", "givenName", "mail"],
"optional_attributes": ["title"],
"idp":["urn:mace:example.com:saml:roland:idp"],
"idp": ["urn:mace:example.com:saml:roland:idp"],
"subject_data": "subject_data.db",
}
},
"debug" : 1,
"key_file" : full_path("test.key"),
"cert_file" : full_path("test.pem"),
"xmlsec_binary" : None,
"debug": 1,
"key_file": full_path("test.key"),
"cert_file": full_path("test.pem"),
"xmlsec_binary": None,
"metadata": {
"local": [full_path("idp_soap.xml"), full_path("vo_metadata.xml")],
},
"virtual_organization" : {
"urn:mace:example.com:it:tek":{
"nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
"virtual_organization": {
"urn:mace:example.com:it:tek": {
"nameid_format": "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
"common_identifier": "umuselin",
}
},
"accepted_time_diff": 60,
"attribute_map_dir" : full_path("attributemaps"),
"attribute_map_dir": full_path("attributemaps"),
"organization": {
"name": ("AB Exempel", "se"),
"display_name": ("AB Exempel", "se"),
"url": "http://www.example.org",
},
"contact_person": [{
"given_name": "Roland",
"sur_name": "Hedberg",
"telephone_number": "+46 70 100 0000",
"email_address": ["tech@example.com", "tech@example.org"],
"contact_type": "technical"
},
"given_name": "Roland",
"sur_name": "Hedberg",
"telephone_number": "+46 70 100 0000",
"email_address": ["tech@example.com", "tech@example.org"],
"contact_type": "technical"
},
]
}

4
tests/sp_mdext_conf.py
View File

@ -1,4 +1,4 @@
from pathutils import full_path
from pathutils import full_path, xmlsec_path
CONFIG = {
"entityid": "urn:mace:example.com:saml:roland:sp",
@ -38,7 +38,7 @@ CONFIG = {
"debug": 1,
"key_file": full_path("test.key"),
"cert_file": full_path("test.pem"),
"xmlsec_binary": None,
"xmlsec_binary": xmlsec_path,
"metadata": {
"local": [full_path("idp_2.xml")],
},

3
tests/test_83_md_extensions.py
View File

@ -12,3 +12,6 @@ print(ed)
assert ed.spsso_descriptor.extensions
assert len(ed.spsso_descriptor.extensions.extension_elements) == 3
assert ed.extensions
assert len(ed.extensions.extension_elements) > 1