Merge remote-tracking branch 'upstream/master'

Author: Hans Hörberg

setup.py

@@ -17,8 +17,7 @@
     'pytz',
     'pyOpenSSL',
     'python-dateutil',
-    'six',
-    'future'
+    'six'
 ]
 
 version = ''

src/saml2/algsupport.py

@@ -0,0 +1,76 @@
+from subprocess import Popen, PIPE
+from saml2.sigver import get_xmlsec_binary
+from saml2.extension.algsupport import SigningMethod
+from saml2.extension.algsupport import DigestMethod
+
+__author__ = 'roland'
+
+DIGEST_METHODS = {
+    "hmac-md5": 'http://www.w3.org/2001/04/xmldsig-more#md5', # test framework only!
+    "hmac-sha1": 'http://www.w3.org/2000/09/xmldsig#sha1',
+    "hmac-sha224": 'http://www.w3.org/2001/04/xmldsig-more#sha224',
+    "hmac-sha256": 'http://www.w3.org/2001/04/xmlenc#sha256',
+    "hmac-sha384": 'http://www.w3.org/2001/04/xmldsig-more#sha384',
+    "hmac-sha512": 'http://www.w3.org/2001/04/xmlenc#sha512',
+    "hmac-ripemd160": 'http://www.w3.org/2001/04/xmlenc#ripemd160'
+}
+
+SIGNING_METHODS = {
+    "rsa-md5": 'http://www.w3.org/2001/04/xmldsig-more#rsa-md5',
+    "rsa-ripemd160": 'http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160',
+    "rsa-sha1": 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
+    "rsa-sha224": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha224',
+    "rsa-sha256": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
+    "rsa-sha384": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384',
+    "rsa-sha512": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
+    "dsa-sha1": 'http,//www.w3.org/2000/09/xmldsig#dsa-sha1',
+    'dsa-sha256': 'http://www.w3.org/2009/xmldsig11#dsa-sha256',
+    'ecdsa_sha1': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha1',
+    'ecdsa_sha224': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha224',
+    'ecdsa_sha256': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha256',
+    'ecdsa_sha384': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha384',
+    'ecdsa_sha512': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha512',
+}
+
+
+def get_algorithm_support(xmlsec):
+    com_list = [xmlsec, '--list-transforms']
+    pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
+
+    p_out = pof.stdout.read().decode('utf-8')
+    p_err = pof.stderr.read().decode('utf-8')
+
+    if not p_err:
+        p = p_out.split('\n')
+        algs = [x.strip('"') for x in p[1].split(',')]
+        digest = []
+        signing = []
+        for alg in algs:
+            if alg in DIGEST_METHODS:
+                digest.append(alg)
+            elif alg in SIGNING_METHODS:
+                signing.append(alg)
+
+        return {"digest": digest, "signing": signing}
+
+    raise SystemError(p_err)
+
+
+def algorithm_support_in_metadata(xmlsec):
+    if xmlsec is None:
+        return []
+
+    support = get_algorithm_support(xmlsec)
+    element_list = []
+    for alg in support["digest"]:
+        element_list.append(DigestMethod(algorithm=DIGEST_METHODS[alg]))
+    for alg in support["signing"]:
+        element_list.append(SigningMethod(algorithm=SIGNING_METHODS[alg]))
+    return element_list
+
+if __name__ == '__main__':
+    xmlsec = get_xmlsec_binary()
+    res = get_algorithm_support(xmlsec)
+    print(res)
+    for a in algorithm_support_in_metadata(xmlsec):
+        print(a)

tests/server2_conf.py

@@ -1,46 +1,47 @@
 from pathutils import full_path
 
 CONFIG = {
-    "entityid" : "urn:mace:example.com:saml:roland:sp",
-    "name" : "urn:mace:example.com:saml:roland:sp",
+    "entityid": "urn:mace:example.com:saml:roland:sp",
+    "name": "urn:mace:example.com:saml:roland:sp",
     "description": "My own SP",
     "service": {
         "sp": {
-            "endpoints":{
-                "assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
+            "endpoints": {
+                "assertion_consumer_service": [
+                    "http://lingon.catalogix.se:8087/"],
             },
             "required_attributes": ["surName", "givenName", "mail"],
             "optional_attributes": ["title"],
-            "idp":["urn:mace:example.com:saml:roland:idp"],
+            "idp": ["urn:mace:example.com:saml:roland:idp"],
             "subject_data": "subject_data.db",
         }
     },
-    "debug" : 1,
-    "key_file" : full_path("test.key"),
-    "cert_file" : full_path("test.pem"),
-    "xmlsec_binary" : None,
+    "debug": 1,
+    "key_file": full_path("test.key"),
+    "cert_file": full_path("test.pem"),
+    "xmlsec_binary": None,
     "metadata": {
         "local": [full_path("idp_soap.xml"), full_path("vo_metadata.xml")],
     },
-    "virtual_organization" : {
-        "urn:mace:example.com:it:tek":{
-            "nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
+    "virtual_organization": {
+        "urn:mace:example.com:it:tek": {
+            "nameid_format": "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
             "common_identifier": "umuselin",
         }
     },
     "accepted_time_diff": 60,
-    "attribute_map_dir" : full_path("attributemaps"),
+    "attribute_map_dir": full_path("attributemaps"),
     "organization": {
         "name": ("AB Exempel", "se"),
         "display_name": ("AB Exempel", "se"),
         "url": "http://www.example.org",
     },
     "contact_person": [{
-            "given_name": "Roland",
-            "sur_name": "Hedberg",
-            "telephone_number": "+46 70 100 0000",
-            "email_address": ["[email protected]", "[email protected]"],
-            "contact_type": "technical"
-        },
+        "given_name": "Roland",
+        "sur_name": "Hedberg",
+        "telephone_number": "+46 70 100 0000",
+        "email_address": ["[email protected]", "[email protected]"],
+        "contact_type": "technical"
+    },
     ]
 }

tests/sp_mdext_conf.py

@@ -1,4 +1,4 @@
-from pathutils import full_path
+from pathutils import full_path, xmlsec_path
 
 CONFIG = {
     "entityid": "urn:mace:example.com:saml:roland:sp",
@@ -38,7 +38,7 @@
     "debug": 1,
     "key_file": full_path("test.key"),
     "cert_file": full_path("test.pem"),
-    "xmlsec_binary": None,
+    "xmlsec_binary": xmlsec_path,
     "metadata": {
         "local": [full_path("idp_2.xml")],
     },

tests/test_30_mdstore.py

@@ -2,8 +2,8 @@
 # -*- coding: utf-8 -*-
 import datetime
 import re
-#from six.moves.urllib.parse import quote_plus
-from future.backports.urllib.parse import quote_plus
+from six.moves.urllib.parse import quote_plus
+#from future.backports.urllib.parse import quote_plus
 from saml2.config import Config
 from saml2.mdstore import MetadataStore
 from saml2.mdstore import MetaDataMDX

tests/test_83_md_extensions.py

@@ -12,3 +12,6 @@
 
 assert ed.spsso_descriptor.extensions
 assert len(ed.spsso_descriptor.extensions.extension_elements) == 3
+
+assert ed.extensions
+assert len(ed.extensions.extension_elements) > 1

tools/mdexport.py

@@ -1,23 +1,17 @@
-#!/usr/bin/env python
-from saml2.sigver import _get_xmlsec_cryptobackend, SecurityContext
+ #!/usr/bin/env python
+from saml2.sigver import _get_xmlsec_cryptobackend
+from saml2.sigver import SecurityContext
 from saml2.httpbase import HTTPBase
 
 from saml2 import saml
 from saml2 import md
 from saml2.attribute_converter import ac_factory
-from saml2.extension import dri
-from saml2.extension import idpdisc
-from saml2.extension import mdattr
-from saml2.extension import mdrpi
-from saml2.extension import mdui
-from saml2.extension import shibmd
-from saml2.extension import ui
 from saml2 import xmldsig
 from saml2 import xmlenc
 
 import argparse
 
-from saml2.mdstore import MetaDataFile, MetaDataExtern
+from saml2.mdstore import MetaDataFile, MetaDataExtern, load_extensions
 
 __author__ = 'rolandh'
 
@@ -29,18 +23,12 @@
 
 ONTS = {
     saml.NAMESPACE: saml,
-    mdui.NAMESPACE: mdui,
-    mdattr.NAMESPACE: mdattr,
-    mdrpi.NAMESPACE: mdrpi,
-    dri.NAMESPACE: dri,
-    ui.NAMESPACE: ui,
-    idpdisc.NAMESPACE: idpdisc,
     md.NAMESPACE: md,
     xmldsig.NAMESPACE: xmldsig,
     xmlenc.NAMESPACE: xmlenc,
-    shibmd.NAMESPACE: shibmd
 }
 
+ONTS.update(load_extensions())
 
 parser = argparse.ArgumentParser()
 parser.add_argument('-t', dest='type')