diff options
author | Roland Hedberg <roland.hedberg@adm.umu.se> | 2016-04-16 08:52:53 +0200 |
---|---|---|
committer | Roland Hedberg <roland.hedberg@adm.umu.se> | 2016-04-16 08:52:53 +0200 |
commit | 9dd3ee910aed4fb6b322b9ab022b044c7e753ab4 (patch) | |
tree | f3c2e01e1ed0beebc440d4da02be3fefaf9d0934 /src/saml2/assertion.py | |
parent | 61afe88cd9d3b5f6bfdd499af6746867ee78c8d1 (diff) | |
download | pysaml2-9dd3ee910aed4fb6b322b9ab022b044c7e753ab4.tar.gz |
Added functionality needed by the saml2test tool.
Diffstat (limited to 'src/saml2/assertion.py')
-rw-r--r-- | src/saml2/assertion.py | 80 |
1 files changed, 51 insertions, 29 deletions
diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py index c6e24d2f..3a5220ec 100644 --- a/src/saml2/assertion.py +++ b/src/saml2/assertion.py @@ -654,6 +654,47 @@ def authn_statement(authn_class=None, authn_auth=None, return res +def do_subject_confirmation(policy, sp_entity_id, key_info=None, **treeargs): + """ + + :param policy: Policy instance + :param sp_entity_id: The entityid of the SP + :param subject_confirmation_method: How was the subject confirmed + :param address: The network address/location from which an attesting entity + can present the assertion. + :param key_info: Information of the key used to confirm the subject + :param in_response_to: The ID of a SAML protocol message in response to + which an attesting entity can present the assertion. + :param recipient: A URI specifying the entity or location to which an + attesting entity can present the assertion. + :param not_before: A time instant before which the subject cannot be + confirmed. The time value MUST be encoded in UTC. + :return: + """ + + _sc = factory(saml.SubjectConfirmation, **treeargs) + + _scd = _sc.subject_confirmation_data + _scd.not_on_or_after = policy.not_on_or_after(sp_entity_id) + + if _sc.method == saml.SCM_HOLDER_OF_KEY: + _scd.add_extension_element(key_info) + + return _sc + + +def do_subject(policy, sp_entity_id, name_id, **farg): + # + specs = farg['subject_confirmation'] + + if isinstance(specs, list): + res = [do_subject_confirmation(policy, sp_entity_id, **s) for s in specs] + else: + res = [do_subject_confirmation(policy, sp_entity_id, **specs)] + + return factory(saml.Subject, name_id=name_id, subject_confirmation=res) + + class Assertion(dict): """ Handles assertions about subjects """ @@ -661,17 +702,16 @@ class Assertion(dict): dict.__init__(self, dic) self.acs = [] - def construct(self, sp_entity_id, in_response_to, consumer_url, - name_id, attrconvs, policy, issuer, authn_class=None, - authn_auth=None, authn_decl=None, encrypt=None, - sec_context=None, authn_decl_ref=None, authn_instant="", - subject_locality="", authn_statem=None, add_subject=True): + def construct(self, sp_entity_id, attrconvs, policy, issuer, farg, + authn_class=None, authn_auth=None, authn_decl=None, + encrypt=None, sec_context=None, authn_decl_ref=None, + authn_instant="", subject_locality="", authn_statem=None, + name_id=None): """ Construct the Assertion :param sp_entity_id: The entityid of the SP :param in_response_to: An identifier of the message, this message is a response to - :param consumer_url: The intended consumer of the assertion :param name_id: An NameID instance :param attrconvs: AttributeConverters :param policy: The policy that should be adhered to when replying @@ -721,29 +761,11 @@ class Assertion(dict): else: _authn_statement = None - if not add_subject: - _ass = assertion_factory( - issuer=issuer, - conditions=conds, - subject=None - ) - else: - _ass = assertion_factory( - issuer=issuer, - conditions=conds, - subject=factory( - saml.Subject, - name_id=name_id, - subject_confirmation=[factory( - saml.SubjectConfirmation, - method=saml.SCM_BEARER, - subject_confirmation_data=factory( - saml.SubjectConfirmationData, - in_response_to=in_response_to, - recipient=consumer_url, - not_on_or_after=policy.not_on_or_after(sp_entity_id)))] - ), - ) + subject = do_subject(policy, sp_entity_id, name_id, + **farg['subject']) + + _ass = assertion_factory(issuer=issuer, conditions=conds, + subject=subject) if _authn_statement: _ass.authn_statement = [_authn_statement] |