diff --git a/src/saml2/algsupport.py b/src/saml2/algsupport.py
new file mode 100644
index 0000000..0682894
--- /dev/null
+++ b/src/saml2/algsupport.py
@@ -0,0 +1,76 @@
+from subprocess import Popen, PIPE
+from saml2.sigver import get_xmlsec_binary
+from saml2.extension.algsupport import SigningMethod
+from saml2.extension.algsupport import DigestMethod
+
+__author__ = 'roland'
+
+DIGEST_METHODS = {
+ "hmac-md5": 'http://www.w3.org/2001/04/xmldsig-more#md5', # test framework only!
+ "hmac-sha1": 'http://www.w3.org/2000/09/xmldsig#sha1',
+ "hmac-sha224": 'http://www.w3.org/2001/04/xmldsig-more#sha224',
+ "hmac-sha256": 'http://www.w3.org/2001/04/xmlenc#sha256',
+ "hmac-sha384": 'http://www.w3.org/2001/04/xmldsig-more#sha384',
+ "hmac-sha512": 'http://www.w3.org/2001/04/xmlenc#sha512',
+ "hmac-ripemd160": 'http://www.w3.org/2001/04/xmlenc#ripemd160'
+}
+
+SIGNING_METHODS = {
+ "rsa-md5": 'http://www.w3.org/2001/04/xmldsig-more#rsa-md5',
+ "rsa-ripemd160": 'http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160',
+ "rsa-sha1": 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
+ "rsa-sha224": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha224',
+ "rsa-sha256": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
+ "rsa-sha384": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384',
+ "rsa-sha512": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
+ "dsa-sha1": 'http,//www.w3.org/2000/09/xmldsig#dsa-sha1',
+ 'dsa-sha256': 'http://www.w3.org/2009/xmldsig11#dsa-sha256',
+ 'ecdsa_sha1': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha1',
+ 'ecdsa_sha224': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha224',
+ 'ecdsa_sha256': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha256',
+ 'ecdsa_sha384': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha384',
+ 'ecdsa_sha512': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha512',
+}
+
+
+def get_algorithm_support(xmlsec):
+ com_list = [xmlsec, '--list-transforms']
+ pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
+
+ p_out = pof.stdout.read().decode('utf-8')
+ p_err = pof.stderr.read().decode('utf-8')
+
+ if not p_err:
+ p = p_out.split('\n')
+ algs = [x.strip('"') for x in p[1].split(',')]
+ digest = []
+ signing = []
+ for alg in algs:
+ if alg in DIGEST_METHODS:
+ digest.append(alg)
+ elif alg in SIGNING_METHODS:
+ signing.append(alg)
+
+ return {"digest": digest, "signing": signing}
+
+ raise SystemError(p_err)
+
+
+def algorithm_support_in_metadata(xmlsec):
+ if xmlsec is None:
+ return []
+
+ support = get_algorithm_support(xmlsec)
+ element_list = []
+ for alg in support["digest"]:
+ element_list.append(DigestMethod(algorithm=DIGEST_METHODS[alg]))
+ for alg in support["signing"]:
+ element_list.append(SigningMethod(algorithm=SIGNING_METHODS[alg]))
+ return element_list
+
+if __name__ == '__main__':
+ xmlsec = get_xmlsec_binary()
+ res = get_algorithm_support(xmlsec)
+ print(res)
+ for a in algorithm_support_in_metadata(xmlsec):
+ print(a)
\ No newline at end of file
diff --git a/tests/server2_conf.py b/tests/server2_conf.py
index bd098db..88fabe5 100644
--- a/tests/server2_conf.py
+++ b/tests/server2_conf.py
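Review bot: `algorithm_support_in_metadata` advertises every algorithm xmlsec reports, so `rsa-md5`, `hmac-md5` and the SHA-1 entries in `DIGEST_METHODS`/`SIGNING_METHODS` are published as supported `SigningMethod`/`DigestMethod` elements, and the `# test framework only!` remark on `hmac-md5` is enforced nowhere in the hunk, so a peer reading the extension is told MD5 is acceptable. A deny-set consulted in both loops, e.g. `if alg in WEAK_METHODS: continue` with a module-level `WEAK_METHODS = {"hmac-md5", "rsa-md5"}` (name constructed here), would keep the metadata honest; separately, the `dsa-sha1` URI is mistyped as `'http,//www.w3.org/...'`, so that entry can never yield a valid algorithm identifier. In `get_algorithm_support`, reading `stdout` to EOF before touching `stderr` can block indefinitely if xmlsec fills the stderr pipe first, the child is never waited on, a non-zero exit with empty stderr is treated as success, and `p[1]` raises IndexError on a one-line output; `communicate()` plus a `returncode` check covers all of that, as sketched below. The parser also assumes `--list-transforms` prints the transform names quoted and comma-separated on its second line, which deserves a comment since a different format silently yields empty lists.
```python
def get_algorithm_support(xmlsec):
    pof = Popen([xmlsec, '--list-transforms'], stderr=PIPE, stdout=PIPE)
    out, err = pof.communicate()
    p_out = out.decode('utf-8')
    p_err = err.decode('utf-8')
    if pof.returncode != 0 or p_err:
        raise SystemError(p_err or 'xmlsec exited with %d' % pof.returncode)
    lines = p_out.split('\n')
    if len(lines) < 2:
        raise SystemError('unexpected --list-transforms output: %r' % p_out)
    algs = [x.strip('"') for x in lines[1].split(',')]
    # … unchanged: sort algs into digest / signing lists and return them …
```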
@@ -1,46 +1,47 @@
 from pathutils import full_path
 CONFIG = {
- "entityid" : "urn:mace:example.com:saml:roland:sp",
- "name" : "urn:mace:example.com:saml:roland:sp",
+ "entityid": "urn:mace:example.com:saml:roland:sp",
+ "name": "urn:mace:example.com:saml:roland:sp",
 "description": "My own SP",
 "service": {
 "sp": {
- "endpoints":{
- "assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
+ "endpoints": {
+ "assertion_consumer_service": [
+ "http://lingon.catalogix.se:8087/"],
 },
 "required_attributes": ["surName", "givenName", "mail"],
 "optional_attributes": ["title"],
- "idp":["urn:mace:example.com:saml:roland:idp"],
+ "idp": ["urn:mace:example.com:saml:roland:idp"],
 "subject_data": "subject_data.db",
 }
 },
- "debug" : 1,
- "key_file" : full_path("test.key"),
- "cert_file" : full_path("test.pem"),
- "xmlsec_binary" : None,
+ "debug": 1,
+ "key_file": full_path("test.key"),
+ "cert_file": full_path("test.pem"),
+ "xmlsec_binary": None,
 "metadata": {
 "local": [full_path("idp_soap.xml"), full_path("vo_metadata.xml")],
 },
- "virtual_organization" : {
- "urn:mace:example.com:it:tek":{
- "nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
+ "virtual_organization": {
+ "urn:mace:example.com:it:tek": {
+ "nameid_format": "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
 "common_identifier": "umuselin",
 }
 },
 "accepted_time_diff": 60,
- "attribute_map_dir" : full_path("attributemaps"),
+ "attribute_map_dir": full_path("attributemaps"),
 "organization": {
 "name": ("AB Exempel", "se"),
 "display_name": ("AB Exempel", "se"),
 "url": "http://www.example.org",
 },
 "contact_person": [{
- "given_name": "Roland",
- "sur_name": "Hedberg",
- "telephone_number": "+46 70 100 0000",
- "email_address": ["tech@example.com", "tech@example.org"],
- "contact_type": "technical"
- },
+ "given_name": "Roland",
+ "sur_name": "Hedberg",
+ "telephone_number": "+46 70 100 0000",
+ "email_address": ["tech@example.com", "tech@example.org"],
+ "contact_type": "technical"
+ },
 ]
 }
diff --git a/tests/sp_mdext_conf.py b/tests/sp_mdext_conf.py
index 3be519b..67e3341 100644
--- a/tests/sp_mdext_conf.py
+++ b/tests/sp_mdext_conf.py
@@ -1,4 +1,4 @@
-from pathutils import full_path
+from pathutils import full_path, xmlsec_path
 CONFIG = {
 "entityid": "urn:mace:example.com:saml:roland:sp",
@@ -38,7 +38,7 @@ CONFIG = {
 "debug": 1,
 "key_file": full_path("test.key"),
 "cert_file": full_path("test.pem"),
- "xmlsec_binary": None,
+ "xmlsec_binary": xmlsec_path,
 "metadata": {
 "local": [full_path("idp_2.xml")],
 },
diff --git a/tests/test_83_md_extensions.py b/tests/test_83_md_extensions.py
index adb8ab7..71f9886 100644
--- a/tests/test_83_md_extensions.py
+++ b/tests/test_83_md_extensions.py
@@ -12,3 +12,6 @@ print(ed)
 assert ed.spsso_descriptor.extensions
 assert len(ed.spsso_descriptor.extensions.extension_elements) == 3
+
+assert ed.extensions
+assert len(ed.extensions.extension_elements) > 1
\ No newline at end of file
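Review bot: The new `assert len(ed.extensions.extension_elements) > 1` in test_83_md_extensions.py checks only that something was advertised, not what: it passes just as well when the entity descriptor lists `rsa-md5` or the mistyped `dsa-sha1` URI from algsupport.py, and it presumably fails on a host where `xmlsec_path` (wired into sp_mdext_conf.py in the earlier hunk) resolves to None, since `algorithm_support_in_metadata(None)` returns `[]`. Asserting on the elements' `algorithm` values — for example that each starts with `http://www.w3.org/` and that the `rsa-sha256` URI is among them — would pin the behaviour the extension is meant to guarantee, and skipping the test when xmlsec is absent would keep the result independent of the build host. The setup that produces `ed` lies outside the hunk.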