1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
#!/usr/bin/env python
from saml2.sigver import _get_xmlsec_cryptobackend, SecurityContext
from saml2.httpbase import HTTPBase
from saml2.attribute_converter import ac_factory
import argparse
from saml2.mdstore import MetaDataFile, MetaDataExtern, MetadataStore
__author__ = 'rolandh'
"""
A script that imports and verifies metadata.
"""
parser = argparse.ArgumentParser()
parser.add_argument('-a', dest='attrsmap')
parser.add_argument('-o', dest='output', default="local")
parser.add_argument('-x', dest='xmlsec')
parser.add_argument('-i', dest='ignore_valid', action='store_true')
parser.add_argument(dest="conf")
args = parser.parse_args()
metad = None
# config file format
#
# local <local file name>
# remote <url> <local file name for certificate use to verify signature>
#
# for instance
#
#local metadata_sp_1.xml
#local InCommon-metadata.xml
#remote https://kalmar2.org/simplesaml/module.php/aggregator/?id=kalmarcentral2&set=saml2 kalmar2.pem
#
ATTRCONV = ac_factory(args.attrsmap)
mds = MetadataStore(None, None)
for line in open(args.conf).readlines():
line = line.strip()
if len(line) == 0:
continue
elif line[0] == "#":
continue
spec = line.split(" ")
if args.ignore_valid:
kwargs = {"check_validity": False}
else:
kwargs = {}
if spec[0] == "local":
metad = MetaDataFile(spec[1], spec[1], **kwargs)
elif spec[0] == "remote":
ATTRCONV = ac_factory(args.attrsmap)
httpc = HTTPBase()
crypto = _get_xmlsec_cryptobackend(args.xmlsec)
sc = SecurityContext(crypto, key_type="", cert_type="")
metad = MetaDataExtern(ATTRCONV, spec[1], sc, cert=spec[2], http=httpc,
**kwargs)
if metad is not None:
try:
metad.load()
except:
raise
mds.metadata[spec[1]] = metad
print(mds.dumps(args.output))
|