| #!/usr/bin/env python
 | |
| import os 
 | |
| import getopt
 | |
| import sys
 | |
| 
 | |
| from saml2.metadata import entity_descriptor, entities_descriptor
 | |
| from saml2.metadata import sign_entity_descriptor
 | |
| from saml2.sigver import SecurityContext
 | |
| from saml2.sigver import get_xmlsec_binary
 | |
| from saml2.validate import valid_instance
 | |
| from saml2.config import Config
 | |
| 
 | |
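# Help text printed on -h/--help (and on a usage error).  The option
# summary line mirrors the getopt short-option spec; options that take
# a value show the value's name.  Note that -e *disables* the
# EntitiesDescriptor wrapping (the wrapper is the default).
HELP_MESSAGE = """
Usage: make_metadata [options] 1*configurationfile

Valid options:
c:ehi:k:n:p:sv:wx:
  -c certfile   : certificate file used as cert_file of the signing context
  -e            : Do NOT wrap the output in an EntitiesDescriptor; print one
                    EntityDescriptor per configuration file instead
  -h            : Print this help message
  -i id         : The ID of the entities descriptor
  -k keyfile    : A file with a key to sign the metadata with
  -n name       : The name of the entities descriptor
  -p dirs       : colon-separated directories handed to get_xmlsec_binary
                    when -x is not given
  -s            : sign the metadata
  -v days       : How long, in days, the metadata is valid from the
                    time of creation
  -x xmlsec     : xmlsec1 binary to be used for the signing
  -w            : Use wellknown namespace prefixes
"""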
 | |
| 
 | |
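class Usage(Exception):
    """Raised for a command-line problem.

    ``msg`` is the text to show the user; it is also passed to
    ``Exception`` so that ``str(err)`` and ``err.args`` are populated
    instead of being empty.
    """

    def __init__(self, msg):
        Exception.__init__(self, msg)
        self.msg = msg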
 | |
| 
 | |
# Well-known prefix -> namespace map handed to ``to_string`` when -w is
# given.  Both "meta" and "md" name the SAML 2.0 metadata namespace.
NSPAIR = {
    "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "soap11": "http://schemas.xmlsoap.org/soap/envelope/",
    "meta": "urn:oasis:names:tc:SAML:2.0:metadata",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "shibmd": "urn:mace:shibboleth:metadata:1.0",
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
}
 | |
| 
 | |
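def _usage_error(msg):
    """Print ``msg`` as a usage problem on stderr and return exit status 2."""
    prog = sys.argv[0].split("/")[-1]
    sys.stderr.write(prog + ": " + str(msg) + "\n")
    sys.stderr.write("\t for help use --help\n")
    return 2


def _load_entity_descriptors(filespecs):
    """Return one EntityDescriptor per configuration file spec.

    A spec ``dir/name.py`` is split: ``dir`` (if non-empty) is pushed to
    the front of ``sys.path`` and ``name`` (``.py`` stripped) is handed to
    ``Config().load_file``.  The sys.path manipulation indicates the
    configuration is resolved as a Python module, i.e. it is executed --
    pass only configuration files you trust.
    """
    descriptors = []
    for filespec in filespecs:
        base, modname = os.path.split(filespec)
        if base:
            sys.path.insert(0, base)
        if modname.endswith(".py"):
            modname = modname[:-3]
        conf = Config().load_file(modname, metadata_construction=True)
        descriptors.append(entity_descriptor(conf))
    return descriptors


def main(args):
    """Build, validate and print SAML2 metadata for the given configurations.

    ``args`` is the command line without the program name (``sys.argv[1:]``):
    the options listed in ``HELP_MESSAGE`` followed by one or more
    configuration file specs.  By default every EntityDescriptor is wrapped
    in a single EntitiesDescriptor (name/id/validity from -n/-i/-v, signed
    with the -k key when -s is given); with -e each EntityDescriptor is
    validated and printed on its own (signed with -i as the ID when -s).
    Output goes to stdout; -w selects the ``NSPAIR`` prefixes for it.

    Returns 2 after a message on stderr for any command-line problem
    (unknown option, bad -v value, no configuration file, or -h); otherwise
    None.  Errors from the saml2 helpers propagate unchanged.
    """
    # -n and -x take a value (see HELP_MESSAGE and the dispatch below), so
    # they carry a ':' here; long options that take a value carry '='.
    try:
        opts, args = getopt.getopt(
            args, "c:ehi:k:n:p:sv:wx:",
            ["help", "name=", "id=", "keyfile=", "sign", "valid=",
             "xmlsec=", "entityid", "path=", "certfile="])
    except getopt.GetoptError as err:
        # e.g. "option -a not recognized"
        return _usage_error(err)

    valid_for = 0
    name = ""
    ent_id = ""
    sign = False
    xmlsec = ""
    keyfile = ""
    pubkeyfile = ""
    wrap = True          # wrap everything in one EntitiesDescriptor
    path = []
    nspair = None

    for opt, val in opts:
        if opt in ("-v", "--valid"):
            try:
                valid_for = int(val) * 24      # days on the CLI, hours internally
            except ValueError:
                return _usage_error("-v expects a whole number of days, got %r" % val)
        elif opt in ("-h", "--help"):
            return _usage_error(HELP_MESSAGE)
        elif opt in ("-n", "--name"):
            name = val
        elif opt in ("-i", "--id"):
            ent_id = val
        elif opt in ("-s", "--sign"):
            sign = True
        elif opt in ("-x", "--xmlsec"):
            xmlsec = val
        elif opt in ("-k", "--keyfile"):
            keyfile = val
        elif opt in ("-c", "--certfile"):
            pubkeyfile = val
        elif opt in ("-e", "--entityid"):
            wrap = False
        elif opt in ("-p", "--path"):
            path = [x.strip() for x in val.split(":")]
        elif opt in ("-w",):
            nspair = NSPAIR
        else:
            # getopt already rejects unknown options, so this only fires if
            # the spec above and this dispatch drift apart; a raise rather
            # than an assert so it is not stripped under -O.
            return _usage_error("unhandled option %s" % opt)

    if not args:
        return _usage_error("at least one configuration file is required")

    if not xmlsec:
        xmlsec = get_xmlsec_binary(path)

    eds = _load_entity_descriptors(args)

    secc = SecurityContext(xmlsec, keyfile, cert_file=pubkeyfile)
    if wrap:
        desc = entities_descriptor(eds, valid_for, name, ent_id, sign, secc)
        valid_instance(desc)
        print(desc.to_string(nspair))
    else:
        for eid in eds:
            desc = sign_entity_descriptor(eid, ent_id, secc) if sign else eid
            valid_instance(desc)
            print(desc.to_string(nspair))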
 | |
| 
 | |
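if __name__ == "__main__":
    # Propagate main()'s status (2 on a usage error, else None -> 0) as the
    # process exit code; previously it was discarded.  sys is already
    # imported at module level.
    sys.exit(main(sys.argv[1:]))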