131 lines
4.0 KiB
Python
Executable File
131 lines
4.0 KiB
Python
Executable File
#!/usr/bin/env python
|
|
import os
|
|
import getopt
|
|
import sys
|
|
|
|
from saml2.metadata import entity_descriptor, entities_descriptor
|
|
from saml2.metadata import sign_entity_descriptor
|
|
from saml2.sigver import SecurityContext
|
|
from saml2.sigver import get_xmlsec_binary
|
|
from saml2.validate import valid_instance
|
|
from saml2.config import Config
|
|
|
|
HELP_MESSAGE = """
|
|
Usage: make_metadata [options] 1*configurationfile
|
|
|
|
Valid options:
|
|
c:hi:k:np:sv:x:
|
|
-c : certificate
|
|
-e : Wrap the whole thing in an EntitiesDescriptor
|
|
-h : Print this help message
|
|
-i id : The ID of the entities descriptor
|
|
-k keyfile : A file with a key to sign the metadata with
|
|
-n : name
|
|
-p : path to the configuration file
|
|
-s : sign the metadata
|
|
-v : How long, in days, the metadata is valid from the
|
|
time of creation
|
|
-x : xmlsec1 binaries to be used for the signing
|
|
-w : Use wellknown namespace prefixes
|
|
"""
|
|
|
|
class Usage(Exception):
|
|
def __init__(self, msg):
|
|
self.msg = msg
|
|
|
|
NSPAIR = {
|
|
"saml2p":"urn:oasis:names:tc:SAML:2.0:protocol",
|
|
"saml2":"urn:oasis:names:tc:SAML:2.0:assertion",
|
|
"soap11":"http://schemas.xmlsoap.org/soap/envelope/",
|
|
"meta": "urn:oasis:names:tc:SAML:2.0:metadata",
|
|
"xsi":"http://www.w3.org/2001/XMLSchema-instance",
|
|
"ds":"http://www.w3.org/2000/09/xmldsig#",
|
|
"shibmd":"urn:mace:shibboleth:metadata:1.0",
|
|
"md":"urn:oasis:names:tc:SAML:2.0:metadata",
|
|
}
|
|
|
|
def main(args):
|
|
try:
|
|
opts, args = getopt.getopt(args, "c:ehi:k:np:sv:wx",
|
|
["help", "name", "id", "keyfile", "sign",
|
|
"valid", "xmlsec", "entityid", "path"])
|
|
except getopt.GetoptError, err:
|
|
# print help information and exit:
|
|
raise Usage(err) # will print something like "option -a not recognized"
|
|
|
|
output = None
|
|
verbose = False
|
|
valid_for = 0
|
|
name = ""
|
|
id = ""
|
|
sign = False
|
|
xmlsec = ""
|
|
keyfile = ""
|
|
pubkeyfile = ""
|
|
entitiesid = True
|
|
path = []
|
|
nspair = None
|
|
|
|
try:
|
|
for o, a in opts:
|
|
if o in ("-v", "--valid"):
|
|
valid_for = int(a) * 24
|
|
elif o in ("-h", "--help"):
|
|
raise Usage(HELP_MESSAGE)
|
|
elif o in ("-n", "--name"):
|
|
name = a
|
|
elif o in ("-i", "--id"):
|
|
id = a
|
|
elif o in ("-s", "--sign"):
|
|
sign = True
|
|
elif o in ("-x", "--xmlsec"):
|
|
xmlsec = a
|
|
elif o in ("-k", "--keyfile"):
|
|
keyfile = a
|
|
elif o in ("-c", "--certfile"):
|
|
pubkeyfile = a
|
|
elif o in ("-e", "--entityid"):
|
|
entitiesid = False
|
|
elif o in ("-p", "--path"):
|
|
path = [x.strip() for x in a.split(":")]
|
|
elif o in ("-w",):
|
|
nspair = NSPAIR
|
|
else:
|
|
assert False, "unhandled option %s" % o
|
|
except Usage, err:
|
|
print >> sys.stderr, sys.argv[0].split("/")[-1] + ": " + str(err.msg)
|
|
print >> sys.stderr, "\t for help use --help"
|
|
return 2
|
|
|
|
if not xmlsec:
|
|
xmlsec = get_xmlsec_binary(path)
|
|
|
|
eds = []
|
|
for filespec in args:
|
|
bas, fil = os.path.split(filespec)
|
|
if bas != "":
|
|
sys.path.insert(0, bas)
|
|
if fil.endswith(".py"):
|
|
fil = fil[:-3]
|
|
cnf = Config().load_file(fil, metadata_construction=True)
|
|
eds.append(entity_descriptor(cnf))
|
|
|
|
secc = SecurityContext(xmlsec, keyfile, cert_file=pubkeyfile)
|
|
if entitiesid:
|
|
desc = entities_descriptor(eds, valid_for, name, id, sign, secc)
|
|
valid_instance(desc)
|
|
print desc.to_string(nspair)
|
|
else:
|
|
for eid in eds:
|
|
if sign:
|
|
desc = sign_entity_descriptor(eid, id, secc)
|
|
else:
|
|
desc = eid
|
|
valid_instance(desc)
|
|
print desc.to_string(nspair)
|
|
|
|
if __name__ == "__main__":
|
|
import sys
|
|
|
|
main(sys.argv[1:])
|