diff options
author | Roland Hedberg <roland.hedberg@adm.umu.se> | 2014-06-13 19:50:31 +0200 |
---|---|---|
committer | Roland Hedberg <roland.hedberg@adm.umu.se> | 2014-06-13 19:50:31 +0200 |
commit | ce93950ad8aaace170cbc5b41988101a8d3f5629 (patch) | |
tree | e21ef890148f6ba4351bff61a56868eef7caffd4 /tools | |
parent | 67dfae89808a0918cf0d37312411379602f930d3 (diff) | |
download | pysaml2-ce93950ad8aaace170cbc5b41988101a8d3f5629.tar.gz |
A tool that verifies the correctness of a metadata file is the file is fetched from somewhere the process of signature verification is expected.
Diffstat (limited to 'tools')
-rwxr-xr-x | tools/verify_metadata.py | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/tools/verify_metadata.py b/tools/verify_metadata.py new file mode 100755 index 00000000..103518c7 --- /dev/null +++ b/tools/verify_metadata.py @@ -0,0 +1,82 @@ +#!/usr/bin/env python +from saml2.sigver import _get_xmlsec_cryptobackend, SecurityContext +from saml2.httpbase import HTTPBase + +from saml2 import saml +from saml2 import md +from saml2.attribute_converter import ac_factory +from saml2.extension import dri +from saml2.extension import idpdisc +from saml2.extension import mdattr +from saml2.extension import mdrpi +from saml2.extension import mdui +from saml2.extension import shibmd +from saml2.extension import ui +import xmldsig +import xmlenc + +import argparse + +from saml2.mdstore import MetaDataFile, MetaDataExtern + +__author__ = 'rolandh' + +""" +A script that imports and verifies metadata. +""" + + +ONTS = { + saml.NAMESPACE: saml, + mdui.NAMESPACE: mdui, + mdattr.NAMESPACE: mdattr, + mdrpi.NAMESPACE: mdrpi, + dri.NAMESPACE: dri, + ui.NAMESPACE: ui, + idpdisc.NAMESPACE: idpdisc, + md.NAMESPACE: md, + xmldsig.NAMESPACE: xmldsig, + xmlenc.NAMESPACE: xmlenc, + shibmd.NAMESPACE: shibmd +} + + +parser = argparse.ArgumentParser() +parser.add_argument('-t', dest='type') +parser.add_argument('-u', dest='url') +parser.add_argument('-c', dest='cert') +parser.add_argument('-a', dest='attrsmap') +parser.add_argument('-o', dest='output') +parser.add_argument('-x', dest='xmlsec') +parser.add_argument('-i', dest='ignore_valid', action='store_true') +parser.add_argument(dest="item") +args = parser.parse_args() + + +metad = None + +if args.ignore_valid: + kwargs = {"check_validity": False} +else: + kwargs = {} + +if args.type == "local": + metad = MetaDataFile(ONTS.values(), args.item, args.item, **kwargs) +elif args.type == "external": + ATTRCONV = ac_factory(args.attrsmap) + httpc = HTTPBase() + crypto = _get_xmlsec_cryptobackend(args.xmlsec) + sc = SecurityContext(crypto) + metad = MetaDataExtern(ONTS.values(), ATTRCONV, args.url, + sc, cert=args.cert, http=httpc, **kwargs) + +if metad: + try: + metad.load() + except: + raise + else: + print "OK" + + + |