authorRoland Hedberg <roland.hedberg@adm.umu.se>2015-12-11 09:24:21 +0100
committerRoland Hedberg <roland.hedberg@adm.umu.se>2015-12-11 09:24:21 +0100
commit82d3b4da6ebd19f556d2f4d377236a05bb64cd75 (patch)
tree27604fb51f336698c9351e6c3c688677bcf031db /example
parent883b89efb07acf6e28eb177f9f582aad1e33ba58 (diff)
parente6151b52c357879476a4afc973383f8a73becd2e (diff)
Merge branch 'master' of github.com:rohe/pysaml2
Diffstat (limited to 'example')
-rw-r--r--example/idp2/idp_user.py18
-rw-r--r--example/sp-wsgi/service_conf.py.example (renamed from example/sp-wsgi/service_conf.py)0
-rwxr-xr-xexample/sp-wsgi/sp.py135
3 files changed, 81 insertions, 72 deletions
diff --git a/example/idp2/idp_user.py b/example/idp2/idp_user.py
index 71e9bf96..e16e7069 100644
--- a/example/idp2/idp_user.py
+++ b/example/idp2/idp_user.py
@@ -1,5 +1,5 @@
-#from dirg_util.dict import LDAPDict
-#ldap_settings = {
+# from dirg_util.dict import LDAPDict
+# ldap_settings = {
# "ldapuri": "ldaps://ldap.test.umu.se",
# "base": "dc=umu, dc=se",
# "filter_pattern": "(uid=%s)",
@@ -30,9 +30,9 @@
# "exact_match": True,
# "firstonly_len1": True,
# "timeout": 15,
-#}
-#Uncomment to use a LDAP directory instead.
-#USERS = LDAPDict(**ldap_settings)
+# }
+# Uncomment to use a LDAP directory instead.
+# USERS = LDAPDict(**ldap_settings)
USERS = {
"testuser": {
@@ -54,7 +54,9 @@ USERS = {
"email": "test@example.com",
"displayName": "Test Testsson",
"labeledURL": "http://www.example.com/test My homepage",
- "norEduPersonNIN": "SE199012315555"
+ "norEduPersonNIN": "SE199012315555",
+ "postaladdress": "postaladdress",
+ "cn": "cn"
},
"roland": {
"sn": "Hedberg",
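Review bot: The added `"postaladdress": "postaladdress"` and `"cn": "cn"` entries use the attribute name as its own value, which makes the example record read like a stub and gives no hint of what a real value looks like. Sample values consistent with the rest of the record, e.g. `"cn": "Test Testsson"` alongside the existing `displayName`, would make the example more useful. The `USERS` dictionary continues outside the hunk.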
@@ -67,7 +69,7 @@ USERS = {
"o": "Example Co.",
"ou": "IT",
"initials": "P",
- #"schacHomeOrganization": "example.com",
+ # "schacHomeOrganization": "example.com",
"mail": "roland@example.com",
"displayName": "P. Roland Hedberg",
"labeledURL": "http://www.example.com/rohe My homepage",
@@ -91,4 +93,4 @@ EXTRA = {
"schacGender": "male",
"schacUserPresenceID": "skype:pepe.perez"
}
-} \ No newline at end of file
+}
diff --git a/example/sp-wsgi/service_conf.py b/example/sp-wsgi/service_conf.py.example
index b2461f2e..b2461f2e 100644
--- a/example/sp-wsgi/service_conf.py
+++ b/example/sp-wsgi/service_conf.py.example
diff --git a/example/sp-wsgi/sp.py b/example/sp-wsgi/sp.py
index 1792ab70..7a75fce4 100755
--- a/example/sp-wsgi/sp.py
+++ b/example/sp-wsgi/sp.py
@@ -1,51 +1,47 @@
#!/usr/bin/env python
from __future__ import print_function
-import logging
-import re
+
import argparse
+import importlib
+import logging
import os
-try:
- from future.backports.http.cookies import SimpleCookie
-except:
- from Cookie import SimpleCookie
-import six
-
-from saml2.extension.pefim import SPCertEnc
-from saml2.metadata import create_metadata_string
-import service_conf
+import re
+import sys
+import six
+from six.moves.http_cookies import SimpleCookie
from six.moves.urllib.parse import parse_qs
-import sys
+import saml2.xmldsig as ds
+from saml2 import BINDING_HTTP_ARTIFACT
+from saml2 import BINDING_HTTP_POST
from saml2 import BINDING_HTTP_REDIRECT, element_to_extension_element
from saml2 import BINDING_SOAP
-from saml2 import time_util
from saml2 import ecp
-from saml2 import BINDING_HTTP_ARTIFACT
-from saml2 import BINDING_HTTP_POST
+from saml2 import time_util
from saml2.client import Saml2Client
from saml2.ecp_client import PAOS_HEADER_INFO
-from saml2.httputil import geturl, make_cookie, parse_cookie
-from saml2.httputil import get_post
-from saml2.httputil import Response
+from saml2.extension.pefim import SPCertEnc
from saml2.httputil import BadRequest
-from saml2.httputil import ServiceError
-from saml2.httputil import SeeOther
-from saml2.httputil import Unauthorized
from saml2.httputil import NotFound
-from saml2.httputil import Redirect
from saml2.httputil import NotImplemented
+from saml2.httputil import Redirect
+from saml2.httputil import Response
+from saml2.httputil import SeeOther
+from saml2.httputil import ServiceError
+from saml2.httputil import Unauthorized
+from saml2.httputil import get_post
+from saml2.httputil import geturl, make_cookie, parse_cookie
+from saml2.metadata import create_metadata_string
from saml2.response import StatusError
from saml2.response import VerificationError
from saml2.s_utils import UnknownPrincipal
-from saml2.s_utils import decode_base64_and_inflate
from saml2.s_utils import UnsupportedBinding
-from saml2.s_utils import sid
+from saml2.s_utils import decode_base64_and_inflate
from saml2.s_utils import rndstr
-#from srtest import exception_trace
+from saml2.s_utils import sid
+from saml2.saml import NAMEID_FORMAT_PERSISTENT
from saml2.samlp import Extensions
-from saml2 import xmldsig as ds
-import saml2.xmldsig as ds
logger = logging.getLogger("")
hdlr = logging.FileHandler('spx.log')
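Review bot: `import six` sits directly after `import sys` inside the standard-library group, and the `saml2` imports follow with no separating blank line, so the stdlib / third-party grouping PEP 8 asks for is lost in the reordered block. Insert a blank line between `import sys` and `import six` so the two groups are visibly separate. Replacing the bare-`except` cookie fallback with `from six.moves.http_cookies import SimpleCookie` is the right direction; the same module also provides `CookieError`, which the cookie-parsing code later in this file could use.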
@@ -56,7 +52,6 @@ hdlr.setFormatter(base_formatter)
logger.addHandler(hdlr)
logger.setLevel(logging.INFO)
-
SP = None
SEED = ""
POLICY = None
@@ -141,7 +136,7 @@ class ECPResponse(object):
def __init__(self, content):
self.content = content
- #noinspection PyUnusedLocal
+ # noinspection PyUnusedLocal
def __call__(self, environ, start_response):
start_response('%s %s' % (self.code, self.title),
[('Content-Type', "text/xml")])
@@ -172,7 +167,6 @@ class Cache(object):
def get_user(self, environ):
cookie = environ.get("HTTP_COOKIE", '')
- cookie = cookie.decode("UTF-8")
logger.debug("Cookie: %s", cookie)
if cookie:
cookie_obj = SimpleCookie(cookie)
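Review bot: `SimpleCookie(cookie)` on the last context line parses a client-supplied header and raises `CookieError` on malformed input, which nothing in this hunk catches, so a bad `Cookie:` header surfaces as a generic server error instead of being treated as "no cookie". Wrapping it, e.g. `try: cookie_obj = SimpleCookie(cookie)` / `except CookieError: return None`, with `CookieError` imported from `six.moves.http_cookies`, keeps untrusted input from reaching the generic handler — assuming `None` is what `get_user` already returns when no cookie is present; confirm against the rest of the method, which continues outside the hunk. Dropping the `.decode("UTF-8")` looks like the correct Python 3 fix, since WSGI environ values are native strings there.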
@@ -354,7 +348,7 @@ class ACS(Service):
:param response: The SAML response, transport encoded
:param binding: Which binding the query came in over
"""
- #tmp_outstanding_queries = dict(self.outstanding_queries)
+ # tmp_outstanding_queries = dict(self.outstanding_queries)
if not response:
logger.info("Missing Response")
resp = Unauthorized('Unknown user')
@@ -408,6 +402,7 @@ class ACS(Service):
return res
+
# -----------------------------------------------------------------------------
# REQUESTERS
# -----------------------------------------------------------------------------
@@ -557,7 +552,7 @@ class SSO(object):
"single_sign_on_service", self.bindings, "idpsso",
entity_id=entity_id)
logger.debug("binding: %s, destination: %s", _binding,
- destination)
+ destination)
# Binding here is the response binding that is which binding the
# IDP should use to return the response.
acs = _cli.config.getattr("endpoints", "sp")[
@@ -568,19 +563,20 @@ class SSO(object):
extensions = None
cert = None
if _cli.config.generate_cert_func is not None:
- cert_str, req_key_str = _cli.config.generate_cert_func()
- cert = {
- "cert": cert_str,
- "key": req_key_str
- }
- spcertenc = SPCertEnc(x509_data=ds.X509Data(
- x509_certificate=ds.X509Certificate(text=cert_str)))
- extensions = Extensions(extension_elements=[
- element_to_extension_element(spcertenc)])
+ cert_str, req_key_str = _cli.config.generate_cert_func()
+ cert = {
+ "cert": cert_str,
+ "key": req_key_str
+ }
+ spcertenc = SPCertEnc(x509_data=ds.X509Data(
+ x509_certificate=ds.X509Certificate(text=cert_str)))
+ extensions = Extensions(extension_elements=[
+ element_to_extension_element(spcertenc)])
req_id, req = _cli.create_authn_request(destination,
binding=return_binding,
- extensions=extensions)
+ extensions=extensions,
+ nameid_format=NAMEID_FORMAT_PERSISTENT)
_rstate = rndstr()
self.cache.relay_state[_rstate] = came_from
ht_args = _cli.apply_binding(_binding, "%s" % req, destination,
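Review bot: `nameid_format=NAMEID_FORMAT_PERSISTENT` hard-codes the requested identifier format, so an IdP that does not issue persistent identifiers will now reject the example SP's request, and a `name_id_format` entry in the SP configuration (if one is set there) no longer has any effect. Consider taking the value from the configuration with persistent as the default, e.g. `nameid_format=_cli.config.getattr("name_id_format", "sp") or NAMEID_FORMAT_PERSISTENT`, and add a one-line comment saying why persistent is the intended default for this example. The enclosing method continues outside the hunk.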
@@ -639,7 +635,7 @@ class SLO(Service):
try:
txt = decode_base64_and_inflate(message)
is_logout_request = 'LogoutRequest' in txt.split('>', 1)[0]
- except: # TODO: parse the XML correctly
+ except: # TODO: parse the XML correctly
is_logout_request = False
if is_logout_request:
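Review bot: The reformatted `except:` is still a bare except, so besides decoding failures it also swallows `KeyboardInterrupt` and `SystemExit` while the TODO stays open. Since only the decode and the string test can fail here, `except Exception:  # TODO: parse the XML correctly` preserves the current fallback without masking interpreter signals; if the errors `decode_base64_and_inflate` raises are known (presumably base64/zlib decoding errors), naming them would be better still. The enclosing method continues outside the hunk.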
@@ -649,10 +645,11 @@ class SLO(Service):
return finish_logout(self.environ, self.start_response)
+
# ----------------------------------------------------------------------------
-#noinspection PyUnusedLocal
+# noinspection PyUnusedLocal
def not_found(environ, start_response):
"""Called if no URL matches."""
resp = NotFound('Not Found')
@@ -662,7 +659,7 @@ def not_found(environ, start_response):
# ----------------------------------------------------------------------------
-#noinspection PyUnusedLocal
+# noinspection PyUnusedLocal
def main(environ, start_response, sp):
user = CACHE.get_user(environ)
@@ -690,10 +687,11 @@ def disco(environ, start_response, _sp):
resp.headers.append(kaka)
return resp(environ, start_response)
+
# ----------------------------------------------------------------------------
-#noinspection PyUnusedLocal
+# noinspection PyUnusedLocal
def logout(environ, start_response, sp):
user = CACHE.get_user(environ)
@@ -740,10 +738,11 @@ def finish_logout(environ, start_response):
cookie = CACHE.delete_cookie(environ)
resp = Response('You are now logged out of this service', headers=[
- cookie,
+ cookie,
])
return resp(environ, start_response)
+
# ----------------------------------------------------------------------------
# map urls to functions
@@ -771,16 +770,17 @@ def add_urls():
urls.append(("%s/redirect$" % base, (SLO, "redirect", SP)))
urls.append(("%s/redirect/(.*)$" % base, (SLO, "redirect", SP)))
+
# ----------------------------------------------------------------------------
def metadata(environ, start_response):
try:
path = _args.path
if path is None or len(path) == 0:
- path = os.path.dirname(os.path.abspath( __file__ ))
+ path = os.path.dirname(os.path.abspath(__file__))
if path[-1] != "/":
path += "/"
- metadata = create_metadata_string(path+"sp_conf.py", None,
+ metadata = create_metadata_string(path + "sp_conf.py", None,
_args.valid, _args.cert, _args.keyfile,
_args.id, _args.name, _args.sign)
start_response('200 OK', [('Content-Type', "text/xml")])
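Review bot: The trailing-slash check, the `path += "/"` line and `path + "sp_conf.py"` together re-implement `os.path.join(path, "sp_conf.py")`, which also handles a platform-specific separator; replacing the three lines with the join is simpler and what the reformatting was reaching for. `metadata`'s body continues outside the hunk, and its handler that logs `ex.message` (visible in the next hunk) will itself raise `AttributeError` on Python 3, where exceptions have no `message` attribute — `logger.exception("An error occured while creating metadata")` or `str(ex)` works on both versions.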
@@ -789,6 +789,7 @@ def metadata(environ, start_response):
logger.error("An error occured while creating metadata: %s", ex.message)
return not_found(environ, start_response)
+
def application(environ, start_response):
"""
The main WSGI application. Dispatch the current request to
@@ -827,27 +828,15 @@ def application(environ, start_response):
resp = BadRequest("%s" % err)
return resp(environ, start_response)
except Exception as err:
- #_err = exception_trace("RUN", err)
- #logging.error(exception_trace("RUN", _err))
+ # _err = exception_trace("RUN", err)
+ # logging.error(exception_trace("RUN", _err))
print(err, file=sys.stderr)
resp = ServiceError("%s" % err)
return resp(environ, start_response)
-# ----------------------------------------------------------------------------
-
-HOST = service_conf.HOST
-PORT = service_conf.PORT
-# ------- HTTPS -------
-# These should point to relevant files
-SERVER_CERT = service_conf.SERVER_CERT
-SERVER_KEY = service_conf.SERVER_KEY
-# This is of course the certificate chain for the CA that signed
-# your cert and all the way up to the top
-CERT_CHAIN = service_conf.CERT_CHAIN
if __name__ == '__main__':
from cherrypy import wsgiserver
- from cherrypy.wsgiserver import ssl_pyopenssl
_parser = argparse.ArgumentParser()
_parser.add_argument('-d', dest='debug', action='store_true',
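Review bot: `resp = ServiceError("%s" % err)` on the context lines of this hunk returns the text of an arbitrary unhandled exception to the client, which can expose file paths, configuration values or IdP details; log it server-side with `logger.exception("Unhandled error in application")` and return a fixed message such as `ServiceError("Internal error")`. The two reformatted `exception_trace` lines above it are commented-out code referring to an import this commit deletes (`# from srtest import exception_trace` in the first hunk), so removing them is better than reformatting them. `application` starts outside the hunk.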
@@ -870,7 +859,8 @@ if __name__ == '__main__':
_parser.add_argument('-n', dest='name')
_parser.add_argument('-S', dest='sign', action='store_true',
help="sign the metadata")
-
+ _parser.add_argument('-C', dest='service_conf_module',
+ help="service config module")
ARGS = {}
_args = _parser.parse_args()
@@ -886,6 +876,21 @@ if __name__ == '__main__':
else:
SEED = "SnabbtInspel"
+ if _args.service_conf_module:
+ service_conf = importlib.import_module(_args.service_conf_module)
+ else:
+ import service_conf
+
+ HOST = service_conf.HOST
+ PORT = service_conf.PORT
+ # ------- HTTPS -------
+ # These should point to relevant files
+ SERVER_CERT = service_conf.SERVER_CERT
+ SERVER_KEY = service_conf.SERVER_KEY
+ # This is of course the certificate chain for the CA that signed
+ # your cert and all the way up to the top
+ CERT_CHAIN = service_conf.CERT_CHAIN
+
SP = Saml2Client(config_file="%s" % CNFBASE)
POLICY = service_conf.POLICY
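Review bot: The fallback `import service_conf` now fails with a bare `ImportError` on a fresh checkout, because this commit renames the shipped `example/sp-wsgi/service_conf.py` to `service_conf.py.example`; catching it and pointing the operator at the remedy, e.g. `except ImportError: sys.exit("copy service_conf.py.example to service_conf.py or pass -C <module>")`, turns a traceback into a usable message. Moving `HOST`, `PORT`, `SERVER_CERT`, `SERVER_KEY` and `CERT_CHAIN` under `if __name__ == '__main__'` also means they no longer exist when sp.py is imported as a module; that looks intentional, but a comment above the block such as `# Service settings are loaded only when run as a script; importing sp.py defines no HOST/PORT.` would record it. The `-C` help text could also state that the default module is `service_conf` next to sp.py.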
@@ -907,6 +912,8 @@ if __name__ == '__main__':
_https = ""
if service_conf.HTTPS:
+ from cherrypy.wsgiserver import ssl_pyopenssl
+
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(SERVER_CERT,
SERVER_KEY, CERT_CHAIN)
_https = " using SSL/TLS"