authorLorenzo Gil Sanchez <lorenzo.gil.sanchez@gmail.com>2012-06-14 07:57:17 +0200
committerLorenzo Gil Sanchez <lorenzo.gil.sanchez@gmail.com>2012-06-14 07:57:17 +0200
commitd92fa8683a5ae5541df43031f61b9284715206b1 (patch)
tree4a88698ab849432a647431991aafd02dff5d4b90
parent5e6968d0f24a554d1caf62f115e051e2e8faa80a (diff)
parent90f2f673a8da76727dcad76049c1ee7a0f325d00 (diff)
Merge branch 'master' into clean-client-apiclean-client-api
-rw-r--r--src/saml2/assertion.py1
-rw-r--r--src/saml2/attribute_converter.py19
-rw-r--r--src/saml2/binding.py2
-rw-r--r--src/saml2/client.py14
-rw-r--r--src/saml2/encdec.py277
-rw-r--r--src/saml2/saml.py3
-rw-r--r--src/saml2/sigver.py4
-rw-r--r--src/xmldsig/__init__.py14
-rw-r--r--src/xmlenc/__init__.py152
9 files changed, 378 insertions, 108 deletions
diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py
index 41fbc9ca..b51ec54c 100644
--- a/src/saml2/assertion.py
+++ b/src/saml2/assertion.py
@@ -455,6 +455,7 @@ class Assertion(dict):
:param issuer: Who is issuing the statement
:param authn_class: The authentication class
:param authn_auth: The authentication instance
+ :param authn_decl:
:param encrypt: Whether to encrypt parts or all of the Assertion
:param sec_context: The security context used when encrypting
:return: An Assertion instance
diff --git a/src/saml2/attribute_converter.py b/src/saml2/attribute_converter.py
index 000e5970..e1289e50 100644
--- a/src/saml2/attribute_converter.py
+++ b/src/saml2/attribute_converter.py
@@ -88,25 +88,6 @@ def ac_factory(path=""):
def ac_factory_II(path):
return ac_factory(path)
-#def ac_factory_old(path):
-# acs = []
-#
-# for dir_name, directories, files in os.walk(path):
-# for d in list(directories):
-# if d.startswith('.'):
-# directories.remove(d)
-#
-# if files:
-# atco = AttributeConverter(os.path.basename(dir_name))
-# for name in files:
-# fname = os.path.join(dir_name, name)
-# if name.endswith(".py"):
-# name = name[:-3]
-# atco.set(name, fname)
-# atco.adjust()
-# acs.append(atco)
-# return acs
-
def ava_fro(acs, statement):
""" Translates attributes according to their name_formats into the local
names.
diff --git a/src/saml2/binding.py b/src/saml2/binding.py
index e67b64d9..acef290d 100644
--- a/src/saml2/binding.py
+++ b/src/saml2/binding.py
@@ -64,7 +64,7 @@ def http_post_message(message, location, relay_state="", typ="SAMLRequest"):
response.append("""<script type="text/javascript">""")
response.append(" window.onload = function ()")
- response.append(" { document.forms[0].submit(); ")
+ response.append(" { document.forms[0].submit(); }")
response.append("""</script>""")
response.append("</body>")
diff --git a/src/saml2/client.py b/src/saml2/client.py
index 66113908..045befb0 100644
--- a/src/saml2/client.py
+++ b/src/saml2/client.py
@@ -374,7 +374,7 @@ class Saml2Client(object):
:return: AuthnRequest response
"""
- location = self._sso_location(entityid)
+ location = self._sso_location(entityid, binding)
session_id = sid()
_req_str = "%s" % self._authn_request(session_id, location, vorg=vorg,
@@ -1017,9 +1017,9 @@ class Saml2Client(object):
return None
- def request_to_discovery_service(self, disc_url, return_url="",
- policy="", returnIDParam="",
- is_passive=False ):
+ def discovery_service_request_url(self, disc_url, return_url="",
+ policy="", returnIDParam="",
+ is_passive=False ):
"""
Created the HTTP redirect URL needed to send the user to the
discovery service.
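Review bot: Renaming the public method `request_to_discovery_service` to `discovery_service_request_url` here, and `get_idp_from_discovery_service` to `discovery_service_response` in the next hunk, leaves no alias under the old names, so existing service-provider code would fail with AttributeError after the merge. A one-line class attribute such as `request_to_discovery_service = discovery_service_request_url` would keep callers working through a deprecation period. The value `discovery_service_response` returns is taken from a URL supplied by the browser; its body lies outside these hunks, so whether it is compared against the IdP entity IDs known from metadata cannot be seen here, and the docstring should say that callers must make that check before using it.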
@@ -1050,13 +1050,13 @@ class Saml2Client(object):
params = urllib.urlencode(pdir)
return "%s?%s" % (disc_url, params)
- def get_idp_from_discovery_service(self, query="", url="", returnIDParam=""):
+ def discovery_service_response(self, query="", url="", returnIDParam=""):
"""
- Deal with the reponse url from a Discovery Service
+ Deal with the response url from a Discovery Service
:param url: the url the user was redirected back to
:param returnIDParam: This is where the identifier of the IdP is
- place if it was specified in the query otherwise in 'entityID'
+ place if it was specified in the query as not being 'entityID'
:return: The IdP identifier or "" if none was given
"""
diff --git a/src/saml2/encdec.py b/src/saml2/encdec.py
new file mode 100644
index 00000000..239f5449
--- /dev/null
+++ b/src/saml2/encdec.py
@@ -0,0 +1,277 @@
+import os
+import sys
+
+from subprocess import Popen
+from subprocess import PIPE
+
+from tempfile import NamedTemporaryFile
+
+from saml2.sigver import make_temp
+from saml2.sigver import parse_xmlsec_output
+from saml2.sigver import XmlsecError
+from saml2 import saml
+
+__author__ = 'rohe0002'
+
+import xmlenc as enc
+
+#<EncryptedData
+# xmlns="http://www.w3.org/2001/04/xmlenc#"
+# Type="http://www.w3.org/2001/04/xmlenc#Element">
+# <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+# <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+# <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+# <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+# <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+# <KeyName/>
+# </KeyInfo>
+# <CipherData>
+# <CipherValue/>
+# </CipherData>
+# </EncryptedKey>
+# </KeyInfo>
+# <CipherData>
+# <CipherValue/>
+# </CipherData>
+#</EncryptedData>
+
+class DecryptionError(Exception):
+ pass
+
+ID_ATTR = "ID"
+#NODE_NAME = "urn:oasis:names:tc:SAML:2.0:assertion:Assertion"
+ENC_DATA = "urn:oasis:names:tc:SAML:2.0:assertion:EncryptedData"
+ENC_KEY_CLASS = "EncryptedKey"
+
+RSA_15 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
+RSA_OAEP = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
+AES128_CBC="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
+TRIPLE_DES = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
+
+# registered xmlsec transforms
+TRANSFORMS = ["base64","enveloped-signature","c14n","c14n-with-comments",
+ "c14n11","c14n11-with-comments","exc-c14n",
+ "exc-c14n-with-comments","xpath","xpath2","xpointer","xslt",
+ "aes128-cbc","aes192-cbc","aes256-cbc","kw-aes128","kw-aes192",
+ "kw-aes256","tripledes-cbc","kw-tripledes","dsa-sha1","hmac-md5",
+ "hmac-ripemd160","hmac-sha1","hmac-sha224","hmac-sha256",
+ "hmac-sha384","hmac-sha512","md5","ripemd160","rsa-md5",
+ "rsa-ripemd160","rsa-sha1","rsa-sha224","rsa-sha256","rsa-sha384",
+ "rsa-sha512","rsa-1_5","rsa-oaep-mgf1p","sha1","sha224","sha256",
+ "sha384","sha512"]
+
+ALGORITHM = {
+ "tripledes-cbc": TRIPLE_DES,
+ "aes128-cbc": AES128_CBC,
+ "rsa-1_5": RSA_15,
+ "rsa-oaep-mgf1p": RSA_OAEP
+}
+
+def template(ident=None, session_key="tripledes-cbc"):
+ """
+ If an assertion is to be signed the signature part has to be preset
+ with which algorithms to be used, this function returns such a
+ preset part.
+
+ :param ident: The identifier of the assertion, so you know which assertion
+ was signed
+ :return: A preset signature part
+ """
+
+ cipher_data = enc.CipherData(cipher_value=enc.CipherValue())
+ encryption_method = enc.EncryptionMethod(algorithm=ALGORITHM[session_key])
+ #key_info = ds.KeyInfo(key_name=ds.KeyName())
+ encrypted_data = enc.EncryptedData(
+ type = "http://www.w3.org/2001/04/xmlenc#Element",
+ encryption_method=encryption_method,
+ #key_info=key_info,
+ cipher_data=cipher_data)
+
+ if ident:
+ encrypted_data.id = "%s" % ident
+
+ return encrypted_data
+
+# xmlsec decrypt --privkey-pem userkey.pem doc-encrypted.xml
+
+def decrypt_message(enctext, xmlsec_binary, key_file=None,
+ key_file_type="privkey-pem", cafile=None,
+ epath=None, id_attr="",
+ node_name="", node_id=None, log=None, debug=False):
+ """ Decrypts an encrypted part of a XML document.
+
+ :param enctext: XML document containing an encrypted part
+ :param xmlsec_binary: The xmlsec1 binaries to be used
+ :param key_file: The key used to decrypt the message
+ :param key_file_type: The key file type
+ :param node_name: The SAML class of the root node in the message
+ :param node_id: The identifier of the root node if any
+ :param id_attr: Should normally be one of "id", "Id" or "ID"
+ :param log: A log function to use when logging
+ :param debug: To debug or not
+ :return: The decrypted document if all was OK otherwise will raise an
+ exception.
+ """
+
+ if not id_attr:
+ id_attr = ID_ATTR
+
+ _, fil = make_temp(enctext, decode=False)
+
+ com_list = [xmlsec_binary, "--decrypt",
+ "--%s" % key_file_type, key_file]
+
+ if key_file_type in ["privkey-pem", "privkey-der", "pkcs8-pem",
+ "pkcs8-der"]:
+ if isinstance(cafile, basestring):
+ com_list.append(cafile)
+ else:
+ com_list.extend(cafile)
+
+ if id_attr:
+ com_list.extend(["--id-attr:%s" % id_attr, node_name])
+
+ elif epath:
+ xpath = create_xpath(epath)
+ com_list.extend(['--node-xpath', xpath])
+
+ # if debug:
+# com_list.append("--store-signatures")
+
+ if node_id:
+ com_list.extend(["--node-id", node_id])
+
+ com_list.append(fil)
+
+ if debug:
+ try:
+ print " ".join(com_list)
+ except TypeError:
+ print "key_file_type", key_file_type
+ print "key_file", key_file
+ print "node_name", node_name
+ print "fil", fil
+ raise
+ print "%s: %s" % (key_file, os.access(key_file, os.F_OK))
+ print "%s: %s" % (fil, os.access(fil, os.F_OK))
+
+ pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
+ p_out = pof.stdout.read()
+ try:
+ p_err = pof.stderr.read()
+ if debug:
+ print p_err
+ verified = parse_xmlsec_output(p_err)
+ except XmlsecError, exc:
+ if log:
+ log.error(60*"=")
+ log.error(p_out)
+ log.error(60*"-")
+ log.error("%s" % exc)
+ log.error(60*"=")
+ raise DecryptionError("%s" % (exc,))
+
+ return verified
+
+# Whole document
+#xmlsec1 encrypt --pubkey-pem ServerKeys/pubkey.pem --session-key des-192
+# --xml-data ClientRequest.xml
+# --output ClientEncrypted.xml EncryptionTemplate.xml
+
+# single value
+#/opt/local/bin/xmlsec1 encrypt --pubkey-cert-pem pubkey.pem
+# --session-key des-192 --xml-data pre_saml2_response.xml
+# --node-xpath '/*[local-name()="Response"]/*[local-name()="Assertion"]/*[local-name()="Subject"]/*[local-name()="EncryptedID"]/text()'
+# encryption_template.xml > enc.out
+
+def create_xpath(path):
+ """
+ :param path: list of element names
+ """
+
+ return "/*".join(['[local-name()="%s"]' % e for e in path]) + "/text()"
+
+def encrypt_using_xmlsec(xmlsec, data, template, epath=None, key=None,
+ key_file=None, key_file_type="pubkey-pem",
+ session_key=None, log=None):
+ """encrypting a value using xmlsec.
+
+ :param xmlsec: Path to the xmlsec1 binary
+ :param data: A XML document from which the value should be picked.
+ :param template: The encyption part template
+ :param epath: Which value to encrypt, if not the whole document
+ should be encrypted.
+ :param key: The key to be used for the encrypting, either this or
+ :param key_file: The file where the key can be found
+ :param key_file_type: pubkey-pem, pubkey-der, pubkey-cert-pem,
+ pubkey-cert-der, privkey-der, privkey-pem, ...
+ :param session_key: Key algorithm
+ :param log: log function
+ :return: The signed statement
+ """
+
+ if not key_file and key:
+ _, key_file = make_temp("%s" % key, ".pem")
+
+ ntf = NamedTemporaryFile()
+ xpath = create_xpath(epath)
+
+ com_list = [xmlsec, "encrypt",
+ "--output", ntf.name,
+ "--xml-data", data,
+ '--node-xpath', xpath,
+ key_file_type, key_file
+ ]
+
+ if session_key:
+ com_list.extend(["--session-key", session_key])
+
+ _, fil = make_temp("%s" % template, decode=False)
+ com_list.append(fil)
+
+ pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
+ p_out = pof.stdout.read()
+ p_err = pof.stderr.read()
+
+ # this doesn't work if --store-signatures are used
+ if p_out == "":
+ ntf.seek(0)
+ encrypted_statement = ntf.read()
+ if not encrypted_statement:
+ if log:
+ log.error(p_err)
+ else:
+ print >> sys.stderr, p_err
+ raise Exception("Encryption failed")
+ else:
+ return encrypted_statement
+ else:
+ print >> sys.stderr, p_out
+ print "E", p_err
+ raise Exception("Encryption failed")
+
+def encrypt_id(response, xmlsec, key_file, key_file_type, identifier,
+ session_key, node_id="", log=None):
+ """
+ :param response: The response as a Response class instance
+ :param xmlsec: Where the xmlsec1 binaries reside
+ :param key_file: Which key file to use
+ :param key_file_type: The type of key file
+ :param identifier: The subject identifier
+ :param session_key: The type of key used to encrypt
+ :return: statement with the subject identifier encrypted
+ """
+ if not response.assertion[0].subject.encrypted_id:
+ response.assertion[0].subject.encrypted_id = saml.EncryptedID(
+ identifier)
+
+ statement = encrypt_using_xmlsec(xmlsec, "%s" % response,
+ template=template(ident=node_id,
+ session_key=session_key),
+ epath=["Response","Assertion","Subject","NameID"],
+ key_file=key_file,
+ key_file_type=key_file_type,
+ session_key=session_key,
+ log=log)
+
+ return statement
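Review bot: In decrypt_message the default `cafile=None` reaches `com_list.extend(cafile)` for every private-key `key_file_type`, so a call with the defaults raises TypeError before xmlsec is started, and because `id_attr` is forced to `ID_ATTR` at the top the `elif epath:` branch can never run; an `if cafile:` guard and a decision on which of the two selectors wins would fix both. Here and in encrypt_using_xmlsec the child's stdout is read to EOF before stderr, which can block once the stderr pipe fills, and the exit status is never examined; `p_out, p_err = pof.communicate()` followed by a test of `pof.returncode` avoids that. encrypt_using_xmlsec also passes `key_file_type` without the `"--%s" % key_file_type` prefix that decrypt_message uses, and calls `create_xpath(epath)` even when `epath` is left at its default `None`. decrypt_message returns the result of `parse_xmlsec_output(p_err)` although its docstring promises the decrypted document, so one of the two needs correcting. Separately, `template()` defaults to `tripledes-cbc` and the module offers `rsa-1_5`; CBC-mode XML Encryption and PKCS#1 v1.5 key transport have known padding-oracle weaknesses, so consider preferring `rsa-oaep-mgf1p` and keeping the xmlsec error text carried by `DecryptionError` out of anything returned to the remote party.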
diff --git a/src/saml2/saml.py b/src/saml2/saml.py
index 35c4e226..43d169fc 100644
--- a/src/saml2/saml.py
+++ b/src/saml2/saml.py
@@ -145,10 +145,9 @@ class AttributeValueBase(SamlBase):
self.set_text(tree.text)
try:
typ = self.extension_attributes[TYPE_EXTENSION]
- _x = _verify_value_type(typ, getattr(self,"text"))
+ _verify_value_type(typ, getattr(self, "text"))
except KeyError:
pass
- #print _x
class BaseIDAbstractType_(SamlBase):
"""The urn:oasis:names:tc:SAML:2.0:assertion:BaseIDAbstractType element """
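Review bot: The `except KeyError: pass` around these lines also covers the `_verify_value_type(...)` call, so if the validator itself ever raises KeyError the value goes unchecked in the same silent way as when the `TYPE_EXTENSION` attribute is simply absent. Keeping only the `self.extension_attributes[TYPE_EXTENSION]` lookup inside the `try` and moving the call into an `else:` branch separates the two cases. Now that the return value is discarded, a short comment such as `# called for its exception on a type mismatch` would explain why the call remains; the enclosing method starts above the hunk.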
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
index 468c1494..9a5b0e43 100644
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -302,7 +302,7 @@ def pem_format(key):
return "\n".join(["-----BEGIN CERTIFICATE-----",
key,"-----END CERTIFICATE-----"])
-def _parse_xmlsec_output(output):
+def parse_xmlsec_output(output):
""" Parse the output from xmlsec to try to find out if the
command was successfull or not.
@@ -369,7 +369,7 @@ def verify_signature(enctext, xmlsec_binary, cert_file=None, cert_type="pem",
p_err = pof.stderr.read()
if __DEBUG:
print p_err
- verified = _parse_xmlsec_output(p_err)
+ verified = parse_xmlsec_output(p_err)
except XmlsecError, exc:
if log:
log.error(60*"=")
diff --git a/src/xmldsig/__init__.py b/src/xmldsig/__init__.py
index 16bffeae..df81b8f1 100644
--- a/src/xmldsig/__init__.py
+++ b/src/xmldsig/__init__.py
@@ -7,10 +7,8 @@
import saml2
from saml2 import SamlBase
-
NAMESPACE = 'http://www.w3.org/2000/09/xmldsig#'
-
ENCODING_BASE64 = 'http://www.w3.org/2000/09/xmldsig#base64'
DIGEST_SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1'
ALG_EXC_C14N = 'http://www.w3.org/2001/10/xml-exc-c14n#'
@@ -1255,6 +1253,7 @@ class Reference(ReferenceType_):
def reference_from_string(xml_string):
return saml2.create_class_from_xml_string(Reference, xml_string)
+#import xmlenc as enc
class KeyInfoType_(SamlBase):
"""The http://www.w3.org/2000/09/xmldsig#:KeyInfoType element """
@@ -1279,8 +1278,15 @@ class KeyInfoType_(SamlBase):
c_cardinality['spki_data'] = {"min":0}
c_children['{http://www.w3.org/2000/09/xmldsig#}MgmtData'] = ('mgmt_data', [MgmtData])
c_cardinality['mgmt_data'] = {"min":0}
+ c_children['{http://www.w3.org/2000/09/xmlenc#}EncryptedKey'] = (
+ 'encrypted_key',
+ None)
+ c_cardinality['key_info'] = {"min":0, "max":1}
+
c_attributes['Id'] = ('id', 'ID', False)
- c_child_order.extend(['key_name', 'key_value', 'retrieval_method', 'x509_data', 'pgp_data', 'spki_data', 'mgmt_data'])
+ c_child_order.extend(['key_name', 'key_value', 'retrieval_method',
+ 'x509_data', 'pgp_data', 'spki_data', 'mgmt_data',
+ 'encrypted_key'])
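Review bot: The added `c_children` key uses the namespace `http://www.w3.org/2000/09/xmlenc#`, while every other xmlenc element on this page is registered under `http://www.w3.org/2001/04/xmlenc#`, so an `EncryptedKey` child of `KeyInfo` would presumably never match this entry when a document is parsed; the same string is repeated in the `ds.KeyInfo.c_children[...]` assignment added to src/xmlenc/__init__.py. The following added line sets `c_cardinality['key_info']` although the child is named `encrypted_key`, and it likely should read `c_cardinality['encrypted_key'] = {"min":0, "max":1}`. The class body continues outside the hunk.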
def __init__(self,
key_name=None,
@@ -1290,6 +1296,7 @@ class KeyInfoType_(SamlBase):
pgp_data=None,
spki_data=None,
mgmt_data=None,
+ encrypted_key=None,
id=None,
text=None,
extension_elements=None,
@@ -1307,6 +1314,7 @@ class KeyInfoType_(SamlBase):
self.pgp_data=pgp_data or []
self.spki_data=spki_data or []
self.mgmt_data=mgmt_data or []
+ self.encrypted_key=encrypted_key
self.id=id
def key_info_type__from_string(xml_string):
diff --git a/src/xmlenc/__init__.py b/src/xmlenc/__init__.py
index b9e51476..8322763c 100644
--- a/src/xmlenc/__init__.py
+++ b/src/xmlenc/__init__.py
@@ -26,7 +26,7 @@ def key_size_type__from_string(xml_string):
return saml2.create_class_from_xml_string(KeySizeType_, xml_string)
-class CipherDataType_CipherValue(SamlBase):
+class CipherValue(SamlBase):
c_tag = 'CipherValue'
c_namespace = NAMESPACE
@@ -36,8 +36,8 @@ class CipherDataType_CipherValue(SamlBase):
c_child_order = SamlBase.c_child_order[:]
c_cardinality = SamlBase.c_cardinality.copy()
-def cipher_data_type__cipher_value_from_string(xml_string):
- return saml2.create_class_from_xml_string(CipherDataType_CipherValue, xml_string)
+def cipher_value_from_string(xml_string):
+ return saml2.create_class_from_xml_string(CipherValue, xml_string)
class TransformsType_(SamlBase):
@@ -70,7 +70,7 @@ def transforms_type__from_string(xml_string):
return saml2.create_class_from_xml_string(TransformsType_, xml_string)
-class AgreementMethodType_KA_Nonce(SamlBase):
+class KA_Nonce(SamlBase):
c_tag = 'KA_Nonce'
c_namespace = NAMESPACE
@@ -80,34 +80,34 @@ class AgreementMethodType_KA_Nonce(SamlBase):
c_child_order = SamlBase.c_child_order[:]
c_cardinality = SamlBase.c_cardinality.copy()
-def agreement_method_type__k_a__nonce_from_string(xml_string):
- return saml2.create_class_from_xml_string(AgreementMethodType_KA_Nonce, xml_string)
+def k_a__nonce_from_string(xml_string):
+ return saml2.create_class_from_xml_string(KA_Nonce, xml_string)
-class AgreementMethodType_OriginatorKeyInfo(ds.KeyInfoType_):
+class OriginatorKeyInfo(ds.KeyInfo):
c_tag = 'OriginatorKeyInfo'
c_namespace = NAMESPACE
- c_children = ds.KeyInfoType_.c_children.copy()
- c_attributes = ds.KeyInfoType_.c_attributes.copy()
- c_child_order = ds.KeyInfoType_.c_child_order[:]
- c_cardinality = ds.KeyInfoType_.c_cardinality.copy()
+ c_children = ds.KeyInfo.c_children.copy()
+ c_attributes = ds.KeyInfo.c_attributes.copy()
+ c_child_order = ds.KeyInfo.c_child_order[:]
+ c_cardinality = ds.KeyInfo.c_cardinality.copy()
-def agreement_method_type__originator_key_info_from_string(xml_string):
- return saml2.create_class_from_xml_string(AgreementMethodType_OriginatorKeyInfo, xml_string)
+def originator_key_info_from_string(xml_string):
+ return saml2.create_class_from_xml_string(OriginatorKeyInfo, xml_string)
-class AgreementMethodType_RecipientKeyInfo(ds.KeyInfoType_):
+class RecipientKeyInfo(ds.KeyInfo):
c_tag = 'RecipientKeyInfo'
c_namespace = NAMESPACE
- c_children = ds.KeyInfoType_.c_children.copy()
- c_attributes = ds.KeyInfoType_.c_attributes.copy()
- c_child_order = ds.KeyInfoType_.c_child_order[:]
- c_cardinality = ds.KeyInfoType_.c_cardinality.copy()
+ c_children = ds.KeyInfo.c_children.copy()
+ c_attributes = ds.KeyInfo.c_attributes.copy()
+ c_child_order = ds.KeyInfo.c_child_order[:]
+ c_cardinality = ds.KeyInfo.c_cardinality.copy()
-def agreement_method_type__recipient_key_info_from_string(xml_string):
- return saml2.create_class_from_xml_string(AgreementMethodType_RecipientKeyInfo, xml_string)
+def recipient_key_info_from_string(xml_string):
+ return saml2.create_class_from_xml_string(RecipientKeyInfo, xml_string)
class AgreementMethodType_(SamlBase):
@@ -119,11 +119,11 @@ class AgreementMethodType_(SamlBase):
c_attributes = SamlBase.c_attributes.copy()
c_child_order = SamlBase.c_child_order[:]
c_cardinality = SamlBase.c_cardinality.copy()
- c_children['{http://www.w3.org/2001/04/xmlenc#}KA_Nonce'] = ('k_a__nonce', AgreementMethodType_KA_Nonce)
+ c_children['{http://www.w3.org/2001/04/xmlenc#}KA_Nonce'] = ('k_a__nonce', KA_Nonce)
c_cardinality['k_a__nonce'] = {"min":0, "max":1}
- c_children['{http://www.w3.org/2001/04/xmlenc#}OriginatorKeyInfo'] = ('originator_key_info', AgreementMethodType_OriginatorKeyInfo)
+ c_children['{http://www.w3.org/2001/04/xmlenc#}OriginatorKeyInfo'] = ('originator_key_info', OriginatorKeyInfo)
c_cardinality['originator_key_info'] = {"min":0, "max":1}
- c_children['{http://www.w3.org/2001/04/xmlenc#}RecipientKeyInfo'] = ('recipient_key_info', AgreementMethodType_RecipientKeyInfo)
+ c_children['{http://www.w3.org/2001/04/xmlenc#}RecipientKeyInfo'] = ('recipient_key_info', RecipientKeyInfo)
c_cardinality['recipient_key_info'] = {"min":0, "max":1}
c_attributes['Algorithm'] = ('algorithm', 'anyURI', True)
c_child_order.extend(['k_a__nonce', 'originator_key_info', 'recipient_key_info'])
@@ -210,7 +210,7 @@ def encryption_property_type__from_string(xml_string):
return saml2.create_class_from_xml_string(EncryptionPropertyType_, xml_string)
-class EncryptionMethodType_KeySize(KeySizeType_):
+class KeySize(KeySizeType_):
c_tag = 'KeySize'
c_namespace = NAMESPACE
@@ -219,11 +219,11 @@ class EncryptionMethodType_KeySize(KeySizeType_):
c_child_order = KeySizeType_.c_child_order[:]
c_cardinality = KeySizeType_.c_cardinality.copy()
-def encryption_method_type__key_size_from_string(xml_string):
- return saml2.create_class_from_xml_string(EncryptionMethodType_KeySize, xml_string)
+def key_size_from_string(xml_string):
+ return saml2.create_class_from_xml_string(KeySize, xml_string)
-class EncryptionMethodType_OAEPparams(SamlBase):
+class OAEPparams(SamlBase):
c_tag = 'OAEPparams'
c_namespace = NAMESPACE
@@ -233,8 +233,8 @@ class EncryptionMethodType_OAEPparams(SamlBase):
c_child_order = SamlBase.c_child_order[:]
c_cardinality = SamlBase.c_cardinality.copy()
-def encryption_method_type__oae_pparams_from_string(xml_string):
- return saml2.create_class_from_xml_string(EncryptionMethodType_OAEPparams, xml_string)
+def oae_pparams_from_string(xml_string):
+ return saml2.create_class_from_xml_string(OAEPparams, xml_string)
class EncryptionMethodType_(SamlBase):
@@ -246,9 +246,9 @@ class EncryptionMethodType_(SamlBase):
c_attributes = SamlBase.c_attributes.copy()
c_child_order = SamlBase.c_child_order[:]
c_cardinality = SamlBase.c_cardinality.copy()
- c_children['{http://www.w3.org/2001/04/xmlenc#}KeySize'] = ('key_size', EncryptionMethodType_KeySize)
+ c_children['{http://www.w3.org/2001/04/xmlenc#}KeySize'] = ('key_size', KeySize)
c_cardinality['key_size'] = {"min":0, "max":1}
- c_children['{http://www.w3.org/2001/04/xmlenc#}OAEPparams'] = ('oae_pparams', EncryptionMethodType_OAEPparams)
+ c_children['{http://www.w3.org/2001/04/xmlenc#}OAEPparams'] = ('oae_pparams', OAEPparams)
c_cardinality['oae_pparams'] = {"min":0, "max":1}
c_attributes['Algorithm'] = ('algorithm', 'anyURI', True)
c_child_order.extend(['key_size', 'oae_pparams'])
@@ -274,7 +274,7 @@ def encryption_method_type__from_string(xml_string):
return saml2.create_class_from_xml_string(EncryptionMethodType_, xml_string)
-class CipherReferenceType_Transforms(TransformsType_):
+class Transforms(TransformsType_):
c_tag = 'Transforms'
c_namespace = NAMESPACE
@@ -283,8 +283,8 @@ class CipherReferenceType_Transforms(TransformsType_):
c_child_order = TransformsType_.c_child_order[:]
c_cardinality = TransformsType_.c_cardinality.copy()
-def cipher_reference_type__transforms_from_string(xml_string):
- return saml2.create_class_from_xml_string(CipherReferenceType_Transforms, xml_string)
+def transforms_from_string(xml_string):
+ return saml2.create_class_from_xml_string(Transforms, xml_string)
class CipherReferenceType_(SamlBase):
@@ -296,7 +296,7 @@ class CipherReferenceType_(SamlBase):
c_attributes = SamlBase.c_attributes.copy()
c_child_order = SamlBase.c_child_order[:]
c_cardinality = SamlBase.c_cardinality.copy()
- c_children['{http://www.w3.org/2001/04/xmlenc#}Transforms'] = ('transforms', CipherReferenceType_Transforms)
+ c_children['{http://www.w3.org/2001/04/xmlenc#}Transforms'] = ('transforms', Transforms)
c_cardinality['transforms'] = {"min":0, "max":1}
c_attributes['URI'] = ('uri', 'anyURI', True)
c_child_order.extend(['transforms'])
@@ -320,7 +320,7 @@ def cipher_reference_type__from_string(xml_string):
return saml2.create_class_from_xml_string(CipherReferenceType_, xml_string)
-class EncryptedType_EncryptionMethod(EncryptionMethodType_):
+class EncryptionMethod(EncryptionMethodType_):
c_tag = 'EncryptionMethod'
c_namespace = NAMESPACE
@@ -329,8 +329,8 @@ class EncryptedType_EncryptionMethod(EncryptionMethodType_):
c_child_order = EncryptionMethodType_.c_child_order[:]
c_cardinality = EncryptionMethodType_.c_cardinality.copy()
-def encrypted_type__encryption_method_from_string(xml_string):
- return saml2.create_class_from_xml_string(EncryptedType_EncryptionMethod, xml_string)
+def encryption_method_from_string(xml_string):
+ return saml2.create_class_from_xml_string(EncryptionMethod, xml_string)
@@ -348,7 +348,7 @@ def agreement_method_from_string(xml_string):
return saml2.create_class_from_xml_string(AgreementMethod, xml_string)
-class ReferenceList_DataReference(ReferenceType_):
+class DataReference(ReferenceType_):
c_tag = 'DataReference'
c_namespace = NAMESPACE
@@ -357,11 +357,11 @@ class ReferenceList_DataReference(ReferenceType_):
c_child_order = ReferenceType_.c_child_order[:]
c_cardinality = ReferenceType_.c_cardinality.copy()
-def reference_list__data_reference_from_string(xml_string):
- return saml2.create_class_from_xml_string(ReferenceList_DataReference, xml_string)
+def data_reference_from_string(xml_string):
+ return saml2.create_class_from_xml_string(DataReference, xml_string)
-class ReferenceList_KeyReference(ReferenceType_):
+class KeyReference(ReferenceType_):
c_tag = 'KeyReference'
c_namespace = NAMESPACE
@@ -370,8 +370,8 @@ class ReferenceList_KeyReference(ReferenceType_):
c_child_order = ReferenceType_.c_child_order[:]
c_cardinality = ReferenceType_.c_cardinality.copy()
-def reference_list__key_reference_from_string(xml_string):
- return saml2.create_class_from_xml_string(ReferenceList_KeyReference, xml_string)
+def key_reference_from_string(xml_string):
+ return saml2.create_class_from_xml_string(KeyReference, xml_string)
class ReferenceList(SamlBase):
@@ -383,9 +383,9 @@ class ReferenceList(SamlBase):
c_attributes = SamlBase.c_attributes.copy()
c_child_order = SamlBase.c_child_order[:]
c_cardinality = SamlBase.c_cardinality.copy()
- c_children['{http://www.w3.org/2001/04/xmlenc#}DataReference'] = ('data_reference', [ReferenceList_DataReference])
+ c_children['{http://www.w3.org/2001/04/xmlenc#}DataReference'] = ('data_reference', [DataReference])
c_cardinality['data_reference'] = {"min":0}
- c_children['{http://www.w3.org/2001/04/xmlenc#}KeyReference'] = ('key_reference', [ReferenceList_KeyReference])
+ c_children['{http://www.w3.org/2001/04/xmlenc#}KeyReference'] = ('key_reference', [KeyReference])
c_cardinality['key_reference'] = {"min":0}
c_child_order.extend(['data_reference', 'key_reference'])
@@ -478,7 +478,7 @@ class CipherDataType_(SamlBase):
c_attributes = SamlBase.c_attributes.copy()
c_child_order = SamlBase.c_child_order[:]
c_cardinality = SamlBase.c_cardinality.copy()
- c_children['{http://www.w3.org/2001/04/xmlenc#}CipherValue'] = ('cipher_value', CipherDataType_CipherValue)
+ c_children['{http://www.w3.org/2001/04/xmlenc#}CipherValue'] = ('cipher_value', CipherValue)
c_cardinality['cipher_value'] = {"min":0, "max":1}
c_children['{http://www.w3.org/2001/04/xmlenc#}CipherReference'] = ('cipher_reference', CipherReference)
c_cardinality['cipher_reference'] = {"min":0, "max":1}
@@ -540,7 +540,7 @@ class EncryptedType_(SamlBase):
c_attributes = SamlBase.c_attributes.copy()
c_child_order = SamlBase.c_child_order[:]
c_cardinality = SamlBase.c_cardinality.copy()
- c_children['{http://www.w3.org/2001/04/xmlenc#}EncryptionMethod'] = ('encryption_method', EncryptedType_EncryptionMethod)
+ c_children['{http://www.w3.org/2001/04/xmlenc#}EncryptionMethod'] = ('encryption_method', EncryptionMethod)
c_cardinality['encryption_method'] = {"min":0, "max":1}
c_children['{http://www.w3.org/2000/09/xmldsig#}KeyInfo'] = ('key_info', ds.KeyInfo)
c_cardinality['key_info'] = {"min":0, "max":1}
@@ -595,7 +595,7 @@ def encrypted_data_type__from_string(xml_string):
return saml2.create_class_from_xml_string(EncryptedDataType_, xml_string)
-class EncryptedKeyType_CarriedKeyName(SamlBase):
+class CarriedKeyName(SamlBase):
c_tag = 'CarriedKeyName'
c_namespace = NAMESPACE
@@ -605,8 +605,8 @@ class EncryptedKeyType_CarriedKeyName(SamlBase):
c_child_order = SamlBase.c_child_order[:]
c_cardinality = SamlBase.c_cardinality.copy()
-def encrypted_key_type__carried_key_name_from_string(xml_string):
- return saml2.create_class_from_xml_string(EncryptedKeyType_CarriedKeyName, xml_string)
+def carried_key_name_from_string(xml_string):
+ return saml2.create_class_from_xml_string(CarriedKeyName, xml_string)
class EncryptedKeyType_(EncryptedType_):
@@ -620,7 +620,7 @@ class EncryptedKeyType_(EncryptedType_):
c_cardinality = EncryptedType_.c_cardinality.copy()
c_children['{http://www.w3.org/2001/04/xmlenc#}ReferenceList'] = ('reference_list', ReferenceList)
c_cardinality['reference_list'] = {"min":0, "max":1}
- c_children['{http://www.w3.org/2001/04/xmlenc#}CarriedKeyName'] = ('carried_key_name', EncryptedKeyType_CarriedKeyName)
+ c_children['{http://www.w3.org/2001/04/xmlenc#}CarriedKeyName'] = ('carried_key_name', CarriedKeyName)
c_cardinality['carried_key_name'] = {"min":0, "max":1}
c_attributes['Recipient'] = ('recipient', 'string', False)
c_child_order.extend(['reference_list', 'carried_key_name'])
@@ -689,6 +689,10 @@ class EncryptedKey(EncryptedKeyType_):
def encrypted_key_from_string(xml_string):
return saml2.create_class_from_xml_string(EncryptedKey, xml_string)
+ds.KeyInfo.c_children['{http://www.w3.org/2000/09/xmlenc#}EncryptedKey'] = (
+ 'encrypted_key',
+ EncryptedKey)
+
ELEMENT_FROM_STRING = {
EncryptionMethodType_.c_tag: encryption_method_type__from_string,
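Review bot: This assignment patches only `ds.KeyInfo.c_children`, and it runs after `OriginatorKeyInfo` and `RecipientKeyInfo` have already taken `ds.KeyInfo.c_children.copy()` earlier in the module, so those two classes would keep whatever entry they copied for `encrypted_key`, presumably the `None` placeholder set in xmldsig. If they are meant to accept an `EncryptedKey` child, their dictionaries need the same update, or the patch has to happen before the copies are made. A comment stating why the mapping is filled in late would help; the commented-out `#import xmlenc as enc` in xmldsig suggests it is there to avoid an import cycle, but that is inferred.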
@@ -710,17 +714,17 @@ ELEMENT_FROM_STRING = {
EncryptionPropertiesType_.c_tag: encryption_properties_type__from_string,
EncryptionProperty.c_tag: encryption_property_from_string,
EncryptionPropertyType_.c_tag: encryption_property_type__from_string,
- CipherDataType_CipherValue.c_tag: cipher_data_type__cipher_value_from_string,
- AgreementMethodType_KA_Nonce.c_tag: agreement_method_type__k_a__nonce_from_string,
- AgreementMethodType_OriginatorKeyInfo.c_tag: agreement_method_type__originator_key_info_from_string,
- AgreementMethodType_RecipientKeyInfo.c_tag: agreement_method_type__recipient_key_info_from_string,
- EncryptionMethodType_KeySize.c_tag: encryption_method_type__key_size_from_string,
- EncryptionMethodType_OAEPparams.c_tag: encryption_method_type__oae_pparams_from_string,
- CipherReferenceType_Transforms.c_tag: cipher_reference_type__transforms_from_string,
- EncryptedType_EncryptionMethod.c_tag: encrypted_type__encryption_method_from_string,
- ReferenceList_DataReference.c_tag: reference_list__data_reference_from_string,
- ReferenceList_KeyReference.c_tag: reference_list__key_reference_from_string,
- EncryptedKeyType_CarriedKeyName.c_tag: encrypted_key_type__carried_key_name_from_string,
+ CipherValue.c_tag: cipher_value_from_string,
+ KA_Nonce.c_tag: k_a__nonce_from_string,
+ OriginatorKeyInfo.c_tag: originator_key_info_from_string,
+ RecipientKeyInfo.c_tag: recipient_key_info_from_string,
+ KeySize.c_tag: key_size_from_string,
+ OAEPparams.c_tag: oae_pparams_from_string,
+ Transforms.c_tag: transforms_from_string,
+ EncryptionMethod.c_tag: encryption_method_from_string,
+ DataReference.c_tag: data_reference_from_string,
+ KeyReference.c_tag: key_reference_from_string,
+ CarriedKeyName.c_tag: carried_key_name_from_string,
}
ELEMENT_BY_TAG = {
@@ -743,17 +747,17 @@ ELEMENT_BY_TAG = {
'EncryptionPropertiesType': EncryptionPropertiesType_,
'EncryptionProperty': EncryptionProperty,
'EncryptionPropertyType': EncryptionPropertyType_,
- 'CipherValue': CipherDataType_CipherValue,
- 'KA_Nonce': AgreementMethodType_KA_Nonce,
- 'OriginatorKeyInfo': AgreementMethodType_OriginatorKeyInfo,
- 'RecipientKeyInfo': AgreementMethodType_RecipientKeyInfo,
- 'KeySize': EncryptionMethodType_KeySize,
- 'OAEPparams': EncryptionMethodType_OAEPparams,
- 'Transforms': CipherReferenceType_Transforms,
- 'EncryptionMethod': EncryptedType_EncryptionMethod,
- 'DataReference': ReferenceList_DataReference,
- 'KeyReference': ReferenceList_KeyReference,
- 'CarriedKeyName': EncryptedKeyType_CarriedKeyName,
+ 'CipherValue': CipherValue,
+ 'KA_Nonce': KA_Nonce,
+ 'OriginatorKeyInfo': OriginatorKeyInfo,
+ 'RecipientKeyInfo': RecipientKeyInfo,
+ 'KeySize': KeySize,
+ 'OAEPparams': OAEPparams,
+ 'Transforms': Transforms,
+ 'EncryptionMethod': EncryptionMethod,
+ 'DataReference': DataReference,
+ 'KeyReference': KeyReference,
+ 'CarriedKeyName': CarriedKeyName,
'EncryptedType': EncryptedType_,
}