author | Hans Hörberg <hans.horberg@umu.se> | 2015-11-19 15:00:59 +0100 |
---|---|---|
committer | Hans Hörberg <hans.horberg@umu.se> | 2015-11-19 15:00:59 +0100 |
commit | 4879dab7efef853a8bc992035821f08d5856816a (patch) | |
tree | b5b3f08a09c86bfc84e336814299c9b44286b872 | |
parent | 51c06eecb3dd8464a521201fc1c019c9c42559b7 (diff) | |
parent | 48c21212aea9c35d8ee4fa7ce00fa5c3d3bc5694 (diff) | |
download | pysaml2-4879dab7efef853a8bc992035821f08d5856816a.tar.gz |
Merge remote-tracking branch 'upstream/master'
-rwxr-xr-x | setup.py | 3 | ||||
-rw-r--r-- | src/saml2/algsupport.py | 76 | ||||
-rw-r--r-- | tests/server2_conf.py | 39 | ||||
-rw-r--r-- | tests/sp_mdext_conf.py | 4 | ||||
-rw-r--r-- | tests/test_30_mdstore.py | 4 | ||||
-rw-r--r-- | tests/test_83_md_extensions.py | 3 | ||||
-rwxr-xr-x | tools/mdexport.py | 22 |
7 files changed, 109 insertions, 42 deletions
@@ -17,8 +17,7 @@ install_requires = [
 'pytz',
 'pyOpenSSL',
 'python-dateutil',
- 'six',
- 'future'
+ 'six'
 ]
 
 version = ''
diff --git a/src/saml2/algsupport.py b/src/saml2/algsupport.py
new file mode 100644
index 00000000..0682894b
--- /dev/null
+++ b/src/saml2/algsupport.py
@@ -0,0 +1,76 @@
+from subprocess import Popen, PIPE
+from saml2.sigver import get_xmlsec_binary
+from saml2.extension.algsupport import SigningMethod
+from saml2.extension.algsupport import DigestMethod
+
+__author__ = 'roland'
+
+DIGEST_METHODS = {
+ "hmac-md5": 'http://www.w3.org/2001/04/xmldsig-more#md5', # test framework only!
+ "hmac-sha1": 'http://www.w3.org/2000/09/xmldsig#sha1',
+ "hmac-sha224": 'http://www.w3.org/2001/04/xmldsig-more#sha224',
+ "hmac-sha256": 'http://www.w3.org/2001/04/xmlenc#sha256',
+ "hmac-sha384": 'http://www.w3.org/2001/04/xmldsig-more#sha384',
+ "hmac-sha512": 'http://www.w3.org/2001/04/xmlenc#sha512',
+ "hmac-ripemd160": 'http://www.w3.org/2001/04/xmlenc#ripemd160'
+}
+
+SIGNING_METHODS = {
+ "rsa-md5": 'http://www.w3.org/2001/04/xmldsig-more#rsa-md5',
+ "rsa-ripemd160": 'http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160',
+ "rsa-sha1": 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
+ "rsa-sha224": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha224',
+ "rsa-sha256": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
+ "rsa-sha384": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384',
+ "rsa-sha512": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
+ "dsa-sha1": 'http,//www.w3.org/2000/09/xmldsig#dsa-sha1',
+ 'dsa-sha256': 'http://www.w3.org/2009/xmldsig11#dsa-sha256',
+ 'ecdsa_sha1': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha1',
+ 'ecdsa_sha224': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha224',
+ 'ecdsa_sha256': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha256',
+ 'ecdsa_sha384': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha384',
+ 'ecdsa_sha512': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha512',
+}
+
+
+def get_algorithm_support(xmlsec):
+ com_list = [xmlsec, '--list-transforms']
+ pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
+
+ p_out = pof.stdout.read().decode('utf-8')
+ p_err = pof.stderr.read().decode('utf-8')
+
+ if not p_err:
+ p = p_out.split('\n')
+ algs = [x.strip('"') for x in p[1].split(',')]
+ digest = []
+ signing = []
+ for alg in algs:
+ if alg in DIGEST_METHODS:
+ digest.append(alg)
+ elif alg in SIGNING_METHODS:
+ signing.append(alg)
+
+ return {"digest": digest, "signing": signing}
+
+ raise SystemError(p_err)
+
+
+def algorithm_support_in_metadata(xmlsec):
+ if xmlsec is None:
+ return []
+
+ support = get_algorithm_support(xmlsec)
+ element_list = []
+ for alg in support["digest"]:
+ element_list.append(DigestMethod(algorithm=DIGEST_METHODS[alg]))
+ for alg in support["signing"]:
+ element_list.append(SigningMethod(algorithm=SIGNING_METHODS[alg]))
+ return element_list
+
+if __name__ == '__main__':
+ xmlsec = get_xmlsec_binary()
+ res = get_algorithm_support(xmlsec)
+ print(res)
+ for a in algorithm_support_in_metadata(xmlsec):
+ print(a)
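Review bot: The `dsa-sha1` entry in SIGNING_METHODS has a malformed URI, `'http,//www.w3.org/2000/09/xmldsig#dsa-sha1'` (comma instead of colon), so a DSA-SHA1-capable xmlsec would be advertised in metadata under an identifier no peer will recognise; it should read `"dsa-sha1": 'http://www.w3.org/2000/09/xmldsig#dsa-sha1',`. In get_algorithm_support, reading `pof.stdout` to EOF before touching `pof.stderr` can deadlock if xmlsec fills the stderr pipe, and the child is never waited on; `p_out, p_err = pof.communicate()` followed by the two `.decode('utf-8')` calls avoids both, and `p[1]` should be guarded so output with fewer than two lines raises the same SystemError instead of an IndexError. The tables also feed MD5 and SHA-1 entries (the md5 line is itself flagged "test framework only!") straight into DigestMethod/SigningMethod elements, so any deployment whose xmlsec build supports them advertises weak algorithms to peers; consider filtering those out of the published metadata by default, or documenting on each table why they are included. Finally, if xmlsec lists plain digest transforms as `sha1`/`sha256` rather than the `hmac-*` names used as DIGEST_METHODS keys, no DigestMethod element would ever be emitted — worth confirming against the actual `--list-transforms` output.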
\ No newline at end of file
diff --git a/tests/server2_conf.py b/tests/server2_conf.py
index bd098db9..88fabe54 100644
--- a/tests/server2_conf.py
+++ b/tests/server2_conf.py
@@ -1,46 +1,47 @@
 from pathutils import full_path
 
 CONFIG = {
- "entityid" : "urn:mace:example.com:saml:roland:sp",
- "name" : "urn:mace:example.com:saml:roland:sp",
+ "entityid": "urn:mace:example.com:saml:roland:sp",
+ "name": "urn:mace:example.com:saml:roland:sp",
 "description": "My own SP",
 "service": {
 "sp": {
- "endpoints":{
- "assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
+ "endpoints": {
+ "assertion_consumer_service": [
+ "http://lingon.catalogix.se:8087/"],
 },
 "required_attributes": ["surName", "givenName", "mail"],
 "optional_attributes": ["title"],
- "idp":["urn:mace:example.com:saml:roland:idp"],
+ "idp": ["urn:mace:example.com:saml:roland:idp"],
 "subject_data": "subject_data.db",
 }
 },
- "debug" : 1,
- "key_file" : full_path("test.key"),
- "cert_file" : full_path("test.pem"),
- "xmlsec_binary" : None,
+ "debug": 1,
+ "key_file": full_path("test.key"),
+ "cert_file": full_path("test.pem"),
+ "xmlsec_binary": None,
 "metadata": {
 "local": [full_path("idp_soap.xml"), full_path("vo_metadata.xml")],
 },
- "virtual_organization" : {
- "urn:mace:example.com:it:tek":{
- "nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
+ "virtual_organization": {
+ "urn:mace:example.com:it:tek": {
+ "nameid_format": "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
 "common_identifier": "umuselin",
 }
 },
 "accepted_time_diff": 60,
- "attribute_map_dir" : full_path("attributemaps"),
+ "attribute_map_dir": full_path("attributemaps"),
 "organization": {
 "name": ("AB Exempel", "se"),
 "display_name": ("AB Exempel", "se"),
 "url": "http://www.example.org",
 },
 "contact_person": [{
- "given_name": "Roland",
- "sur_name": "Hedberg",
- "telephone_number": "+46 70 100 0000",
- "email_address": ["tech@example.com", "tech@example.org"],
- "contact_type": "technical"
- },
+ "given_name": "Roland",
+ "sur_name": "Hedberg",
+ "telephone_number": "+46 70 100 0000",
+ "email_address": ["tech@example.com", "tech@example.org"],
+ "contact_type": "technical"
+ },
 ]
 }
diff --git a/tests/sp_mdext_conf.py b/tests/sp_mdext_conf.py
index 3be519bd..67e33414 100644
--- a/tests/sp_mdext_conf.py
+++ b/tests/sp_mdext_conf.py
@@ -1,4 +1,4 @@
-from pathutils import full_path
+from pathutils import full_path, xmlsec_path
 
 CONFIG = {
 "entityid": "urn:mace:example.com:saml:roland:sp",
@@ -38,7 +38,7 @@ CONFIG = {
 "debug": 1,
 "key_file": full_path("test.key"),
 "cert_file": full_path("test.pem"),
- "xmlsec_binary": None,
+ "xmlsec_binary": xmlsec_path,
 "metadata": {
 "local": [full_path("idp_2.xml")],
 },
diff --git a/tests/test_30_mdstore.py b/tests/test_30_mdstore.py
index 4a4e9d97..9d7b5899 100644
--- a/tests/test_30_mdstore.py
+++ b/tests/test_30_mdstore.py
@@ -2,8 +2,8 @@
 # -*- coding: utf-8 -*-
 import datetime
 import re
-#from six.moves.urllib.parse import quote_plus
-from future.backports.urllib.parse import quote_plus
+from six.moves.urllib.parse import quote_plus
+#from future.backports.urllib.parse import quote_plus
 from saml2.config import Config
 from saml2.mdstore import MetadataStore
 from saml2.mdstore import MetaDataMDX
diff --git a/tests/test_83_md_extensions.py b/tests/test_83_md_extensions.py
index adb8ab7c..71f98868 100644
--- a/tests/test_83_md_extensions.py
+++ b/tests/test_83_md_extensions.py
@@ -12,3 +12,6 @@ print(ed)
 assert ed.spsso_descriptor.extensions
 assert len(ed.spsso_descriptor.extensions.extension_elements) == 3
+
+assert ed.extensions
+assert len(ed.extensions.extension_elements) > 1
\ No newline at end of file
diff --git a/tools/mdexport.py b/tools/mdexport.py
index 189ced2c..d9ab521b 100755
--- a/tools/mdexport.py
+++ b/tools/mdexport.py
@@ -1,23 +1,17 @@
-#!/usr/bin/env python
-from saml2.sigver import _get_xmlsec_cryptobackend, SecurityContext
+ #!/usr/bin/env python
+from saml2.sigver import _get_xmlsec_cryptobackend
+from saml2.sigver import SecurityContext
 from saml2.httpbase import HTTPBase
 from saml2 import saml
 from saml2 import md
 from saml2.attribute_converter import ac_factory
-from saml2.extension import dri
-from saml2.extension import idpdisc
-from saml2.extension import mdattr
-from saml2.extension import mdrpi
-from saml2.extension import mdui
-from saml2.extension import shibmd
-from saml2.extension import ui
 from saml2 import xmldsig
 from saml2 import xmlenc
 import argparse
-from saml2.mdstore import MetaDataFile, MetaDataExtern
+from saml2.mdstore import MetaDataFile, MetaDataExtern, load_extensions
 
 __author__ = 'rolandh'
 
@@ -29,18 +23,12 @@ dictionary format.
 ONTS = {
 saml.NAMESPACE: saml,
- mdui.NAMESPACE: mdui,
- mdattr.NAMESPACE: mdattr,
- mdrpi.NAMESPACE: mdrpi,
- dri.NAMESPACE: dri,
- ui.NAMESPACE: ui,
- idpdisc.NAMESPACE: idpdisc,
 md.NAMESPACE: md,
 xmldsig.NAMESPACE: xmldsig,
 xmlenc.NAMESPACE: xmlenc,
- shibmd.NAMESPACE: shibmd
 }
+ONTS.update(load_extensions())
 parser = argparse.ArgumentParser()
 parser.add_argument('-t', dest='type') |
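Review bot: The re-added first line of the first hunk, `+ #!/usr/bin/env python`, carries a leading space as rendered here, and that space is the only visible difference from the removed `-#!/usr/bin/env python`. A shebang is only honoured when `#!` are the first two bytes of the file, so although Python tolerates the indented comment, the script (mode 100755 per the index line) would no longer run as `./mdexport.py`; restore the line as `#!/usr/bin/env python` at column 0. The second hunk of this file runs past the end of the page, so its `ONTS.update(load_extensions())` change is not reviewed here.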