Added algsupport
This commit is contained in:
Roland Hedberg
76
src/saml2/algsupport.py
Normal file
76
src/saml2/algsupport.py
Normal file
@@ -0,0 +1,76 @@
|
|||||||
|
from subprocess import Popen, PIPE
|
||||||
|
from saml2.sigver import get_xmlsec_binary
|
||||||
|
from saml2.extension.algsupport import SigningMethod
|
||||||
|
from saml2.extension.algsupport import DigestMethod
|
||||||
|
|
||||||
|
__author__ = 'roland'
|
||||||
|
|
||||||
|
DIGEST_METHODS = {
|
||||||
|
"hmac-md5": 'http://www.w3.org/2001/04/xmldsig-more#md5', # test framework only!
|
||||||
|
"hmac-sha1": 'http://www.w3.org/2000/09/xmldsig#sha1',
|
||||||
|
"hmac-sha224": 'http://www.w3.org/2001/04/xmldsig-more#sha224',
|
||||||
|
"hmac-sha256": 'http://www.w3.org/2001/04/xmlenc#sha256',
|
||||||
|
"hmac-sha384": 'http://www.w3.org/2001/04/xmldsig-more#sha384',
|
||||||
|
"hmac-sha512": 'http://www.w3.org/2001/04/xmlenc#sha512',
|
||||||
|
"hmac-ripemd160": 'http://www.w3.org/2001/04/xmlenc#ripemd160'
|
||||||
|
}
|
||||||
|
|
||||||
|
SIGNING_METHODS = {
|
||||||
|
"rsa-md5": 'http://www.w3.org/2001/04/xmldsig-more#rsa-md5',
|
||||||
|
"rsa-ripemd160": 'http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160',
|
||||||
|
"rsa-sha1": 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
|
||||||
|
"rsa-sha224": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha224',
|
||||||
|
"rsa-sha256": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
|
||||||
|
"rsa-sha384": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384',
|
||||||
|
"rsa-sha512": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
|
||||||
|
"dsa-sha1": 'http,//www.w3.org/2000/09/xmldsig#dsa-sha1',
|
||||||
|
'dsa-sha256': 'http://www.w3.org/2009/xmldsig11#dsa-sha256',
|
||||||
|
'ecdsa_sha1': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha1',
|
||||||
|
'ecdsa_sha224': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha224',
|
||||||
|
'ecdsa_sha256': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha256',
|
||||||
|
'ecdsa_sha384': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha384',
|
||||||
|
'ecdsa_sha512': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha512',
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def get_algorithm_support(xmlsec):
|
||||||
|
com_list = [xmlsec, '--list-transforms']
|
||||||
|
pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
|
||||||
|
|
||||||
|
p_out = pof.stdout.read().decode('utf-8')
|
||||||
|
p_err = pof.stderr.read().decode('utf-8')
|
||||||
|
|
||||||
|
if not p_err:
|
||||||
|
p = p_out.split('\n')
|
||||||
|
algs = [x.strip('"') for x in p[1].split(',')]
|
||||||
|
digest = []
|
||||||
|
signing = []
|
||||||
|
for alg in algs:
|
||||||
|
if alg in DIGEST_METHODS:
|
||||||
|
digest.append(alg)
|
||||||
|
elif alg in SIGNING_METHODS:
|
||||||
|
signing.append(alg)
|
||||||
|
|
||||||
|
return {"digest": digest, "signing": signing}
|
||||||
|
|
||||||
|
raise SystemError(p_err)
|
||||||
|
|
||||||
|
|
||||||
|
def algorithm_support_in_metadata(xmlsec):
|
||||||
|
if xmlsec is None:
|
||||||
|
return []
|
||||||
|
|
||||||
|
support = get_algorithm_support(xmlsec)
|
||||||
|
element_list = []
|
||||||
|
for alg in support["digest"]:
|
||||||
|
element_list.append(DigestMethod(algorithm=DIGEST_METHODS[alg]))
|
||||||
|
for alg in support["signing"]:
|
||||||
|
element_list.append(SigningMethod(algorithm=SIGNING_METHODS[alg]))
|
||||||
|
return element_list
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
xmlsec = get_xmlsec_binary()
|
||||||
|
res = get_algorithm_support(xmlsec)
|
||||||
|
print(res)
|
||||||
|
for a in algorithm_support_in_metadata(xmlsec):
|
||||||
|
print(a)
|
||||||
@@ -1,46 +1,47 @@
|
|||||||
from pathutils import full_path
|
from pathutils import full_path
|
||||||
|
|
||||||
CONFIG = {
|
CONFIG = {
|
||||||
"entityid" : "urn:mace:example.com:saml:roland:sp",
|
"entityid": "urn:mace:example.com:saml:roland:sp",
|
||||||
"name" : "urn:mace:example.com:saml:roland:sp",
|
"name": "urn:mace:example.com:saml:roland:sp",
|
||||||
"description": "My own SP",
|
"description": "My own SP",
|
||||||
"service": {
|
"service": {
|
||||||
"sp": {
|
"sp": {
|
||||||
"endpoints":{
|
"endpoints": {
|
||||||
"assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
|
"assertion_consumer_service": [
|
||||||
|
"http://lingon.catalogix.se:8087/"],
|
||||||
},
|
},
|
||||||
"required_attributes": ["surName", "givenName", "mail"],
|
"required_attributes": ["surName", "givenName", "mail"],
|
||||||
"optional_attributes": ["title"],
|
"optional_attributes": ["title"],
|
||||||
"idp":["urn:mace:example.com:saml:roland:idp"],
|
"idp": ["urn:mace:example.com:saml:roland:idp"],
|
||||||
"subject_data": "subject_data.db",
|
"subject_data": "subject_data.db",
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"debug" : 1,
|
"debug": 1,
|
||||||
"key_file" : full_path("test.key"),
|
"key_file": full_path("test.key"),
|
||||||
"cert_file" : full_path("test.pem"),
|
"cert_file": full_path("test.pem"),
|
||||||
"xmlsec_binary" : None,
|
"xmlsec_binary": None,
|
||||||
"metadata": {
|
"metadata": {
|
||||||
"local": [full_path("idp_soap.xml"), full_path("vo_metadata.xml")],
|
"local": [full_path("idp_soap.xml"), full_path("vo_metadata.xml")],
|
||||||
},
|
},
|
||||||
"virtual_organization" : {
|
"virtual_organization": {
|
||||||
"urn:mace:example.com:it:tek":{
|
"urn:mace:example.com:it:tek": {
|
||||||
"nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
|
"nameid_format": "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
|
||||||
"common_identifier": "umuselin",
|
"common_identifier": "umuselin",
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"accepted_time_diff": 60,
|
"accepted_time_diff": 60,
|
||||||
"attribute_map_dir" : full_path("attributemaps"),
|
"attribute_map_dir": full_path("attributemaps"),
|
||||||
"organization": {
|
"organization": {
|
||||||
"name": ("AB Exempel", "se"),
|
"name": ("AB Exempel", "se"),
|
||||||
"display_name": ("AB Exempel", "se"),
|
"display_name": ("AB Exempel", "se"),
|
||||||
"url": "http://www.example.org",
|
"url": "http://www.example.org",
|
||||||
},
|
},
|
||||||
"contact_person": [{
|
"contact_person": [{
|
||||||
"given_name": "Roland",
|
"given_name": "Roland",
|
||||||
"sur_name": "Hedberg",
|
"sur_name": "Hedberg",
|
||||||
"telephone_number": "+46 70 100 0000",
|
"telephone_number": "+46 70 100 0000",
|
||||||
"email_address": ["tech@example.com", "tech@example.org"],
|
"email_address": ["tech@example.com", "tech@example.org"],
|
||||||
"contact_type": "technical"
|
"contact_type": "technical"
|
||||||
},
|
},
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
from pathutils import full_path
|
from pathutils import full_path, xmlsec_path
|
||||||
|
|
||||||
CONFIG = {
|
CONFIG = {
|
||||||
"entityid": "urn:mace:example.com:saml:roland:sp",
|
"entityid": "urn:mace:example.com:saml:roland:sp",
|
||||||
@@ -38,7 +38,7 @@ CONFIG = {
|
|||||||
"debug": 1,
|
"debug": 1,
|
||||||
"key_file": full_path("test.key"),
|
"key_file": full_path("test.key"),
|
||||||
"cert_file": full_path("test.pem"),
|
"cert_file": full_path("test.pem"),
|
||||||
"xmlsec_binary": None,
|
"xmlsec_binary": xmlsec_path,
|
||||||
"metadata": {
|
"metadata": {
|
||||||
"local": [full_path("idp_2.xml")],
|
"local": [full_path("idp_2.xml")],
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -12,3 +12,6 @@ print(ed)
|
|||||||
|
|
||||||
assert ed.spsso_descriptor.extensions
|
assert ed.spsso_descriptor.extensions
|
||||||
assert len(ed.spsso_descriptor.extensions.extension_elements) == 3
|
assert len(ed.spsso_descriptor.extensions.extension_elements) == 3
|
||||||
|
|
||||||
|
assert ed.extensions
|
||||||
|
assert len(ed.extensions.extension_elements) > 1
|
||||||
Reference in New Issue
Block a user