IdentityPython
diff --git a/‎src/saml2/__init__.py
Lines changed: 13 additions & 7 deletions b/‎src/saml2/__init__.py
Lines changed: 13 additions & 7 deletions
diff --git a/‎src/saml2/assertion.py
Lines changed: 2 additions & 2 deletions b/‎src/saml2/assertion.py
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/saml2/cache.py
Lines changed: 3 additions & 3 deletions b/‎src/saml2/cache.py
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/saml2/client_base.py
Lines changed: 1 addition & 1 deletion b/‎src/saml2/client_base.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/saml2/discovery.py
Lines changed: 1 addition & 3 deletions b/‎src/saml2/discovery.py
Lines changed: 1 addition & 3 deletions
diff --git a/‎src/saml2/ecp_client.py
Lines changed: 1 addition & 1 deletion b/‎src/saml2/ecp_client.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/saml2/entity.py
Lines changed: 14 additions & 8 deletions b/‎src/saml2/entity.py
Lines changed: 14 additions & 8 deletions
diff --git a/‎src/saml2/eptid.py
Lines changed: 2 additions & 0 deletions b/‎src/saml2/eptid.py
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/saml2/filter.py
Lines changed: 1 addition & 1 deletion b/‎src/saml2/filter.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/saml2/httpbase.py
Lines changed: 12 additions & 7 deletions b/‎src/saml2/httpbase.py
Lines changed: 12 additions & 7 deletions
@@ -83,6 +83,8 @@ def create_class_from_xml_string(target_class, xml_string):
         the contents of the XML - or None if the root XML tag and namespace did
         not match those of the target class.
     """
+    if not isinstance(xml_string, six.binary_type):
+        xml_string = xml_string.encode('utf-8')
     tree = ElementTree.fromstring(xml_string)
     return create_class_from_element_tree(target_class, tree)
 
@@ -576,7 +578,7 @@ def get_ns_map(self, elements, uri_set):
 
         for elem in elements:
             uri_set = self.get_ns_map_attribute(elem.attrib, uri_set)
-            uri_set = self.get_ns_map(elem._children, uri_set)
+            uri_set = self.get_ns_map(elem.getchildren(), uri_set)
             uri = self.tag_get_uri(elem)
             if uri is not None:
                 uri_set.add(uri)
@@ -600,7 +602,7 @@ def get_xml_string_with_self_contained_assertion_within_advice_encrypted_asserti
                     if assertion is not None:
                         self.set_prefixes(assertion, prefix_map)
 
-        return ElementTree.tostring(tree, encoding="UTF-8")
+        return ElementTree.tostring(tree, encoding="UTF-8").decode('utf-8')
 
     def get_xml_string_with_self_contained_assertion_within_encrypted_assertion(self, assertion_tag):
         """ Makes a encrypted assertion only containing self contained namespaces.
@@ -614,7 +616,7 @@ def get_xml_string_with_self_contained_assertion_within_encrypted_assertion(self
 
         self.set_prefixes(tree.find(self.encrypted_assertion._to_element_tree().tag).find(assertion_tag), prefix_map)
 
-        return ElementTree.tostring(tree, encoding="UTF-8")
+        return ElementTree.tostring(tree, encoding="UTF-8").decode('utf-8')
 
     def set_prefixes(self, elem, prefix_map):
 
@@ -825,10 +827,14 @@ def __eq__(self, other):
                     return False
             elif isinstance(svals, list):
                 for sval in svals:
-                    for oval in ovals:
-                        if sval == oval:
-                            break
-                    else:
+                    try:
+                        for oval in ovals:
+                            if sval == oval:
+                                break
+                        else:
+                            return False
+                    except TypeError:
+                        # ovals isn't iterable
                         return False
             else:
                 if svals == ovals:  # Since I only support '=='
 
@@ -229,7 +229,7 @@ def filter_attribute_value_assertions(ava, attribute_restrictions=None):
     if not attribute_restrictions:
         return ava
 
-    for attr, vals in ava.items():
+    for attr, vals in list(ava.items()):
         _attr = attr.lower()
         try:
             _rests = attribute_restrictions[_attr]
@@ -767,7 +767,7 @@ def apply_policy(self, sp_entity_id, policy, metadata=None):
         policy.acs = self.acs
         ava = policy.restrict(self, sp_entity_id, metadata)
 
-        for key, val in self.items():
+        for key, val in list(self.items()):
             if key in ava:
                 self[key] = ava[key]
             else:
 
@@ -23,7 +23,7 @@ class CacheError(SAMLError):
 class Cache(object):
     def __init__(self, filename=None):
         if filename:
-            self._db = shelve.open(filename, writeback=True)
+            self._db = shelve.open(filename, writeback=True, protocol=2)
             self._sync = True
         else:
             self._db = {}
@@ -96,7 +96,7 @@ def get(self, name_id, entity_id, check_not_on_or_after=True):
         cni = code(name_id)
         (timestamp, info) = self._db[cni][entity_id]
         if check_not_on_or_after and time_util.after(timestamp):
-            raise ToOld("past %s" % timestamp)
+            raise ToOld("past %s" % str(timestamp))
 
         return info or None
 
@@ -139,7 +139,7 @@ def entities(self, name_id):
         :return: A possibly empty list of entity identifiers
         """
         cni = code(name_id)
-        return self._db[cni].keys()
+        return list(self._db[cni].keys())
 
     def receivers(self, name_id):
         """ Another name for entities() just to make it more logic in the IdP
 
@@ -149,7 +149,7 @@ def _sso_location(self, entityid=None, binding=BINDING_HTTP_REDIRECT):
             raise IdpUnspecified("Too many IdPs to choose from: %s" % eids)
 
         try:
-            srvs = self.metadata.single_sign_on_service(eids.keys()[0], binding)
+            srvs = self.metadata.single_sign_on_service(list(eids.keys())[0], binding)
             return destinations(srvs)[0]
         except IndexError:
             raise IdpUnspecified("No IdP to send to given the premises")
 
@@ -1,6 +1,4 @@
-from urllib import urlencode
-from urlparse import parse_qs
-from urlparse import urlparse
+from six.moves.urllib.parse import urlencode, parse_qs, urlparse
 from saml2.entity import Entity
 from saml2.response import VerificationError
 
 
@@ -7,7 +7,7 @@
 programs.
 """
 
-import cookielib
+from six.moves import http_cookiejar as cookielib
 import logging
 
 from saml2 import soap
 
@@ -34,7 +34,7 @@
 from saml2.s_utils import sid
 from saml2.s_utils import UnravelError
 from saml2.s_utils import error_status_factory
-from saml2.s_utils import rndstr
+from saml2.s_utils import rndbytes
 from saml2.s_utils import success_status_factory
 from saml2.s_utils import decode_base64_and_inflate
 from saml2.s_utils import UnsupportedBinding
@@ -73,7 +73,7 @@
 
 __author__ = 'rolandh'
 
-ARTIFACT_TYPECODE = '\x00\x04'
+ARTIFACT_TYPECODE = b'\x00\x04'
 
 SERVICE2MESSAGE = {
     "single_sign_on_service": AuthnRequest,
@@ -103,11 +103,17 @@ def create_artifact(entity_id, message_handle, endpoint_index=0):
     :param endpoint_index:
     :return:
     """
+    if not isinstance(entity_id, six.binary_type):
+        entity_id = entity_id.encode('utf-8')
     sourceid = sha1(entity_id)
 
-    ter = "%s%.2x%s%s" % (ARTIFACT_TYPECODE, endpoint_index,
-                          sourceid.digest(), message_handle)
-    return base64.b64encode(ter)
+    if not isinstance(message_handle, six.binary_type):
+        message_handle = message_handle.encode('utf-8')
+    ter = b"".join((ARTIFACT_TYPECODE, 
+                    ("%.2x" % endpoint_index).encode('ascii'),
+                    sourceid.digest(),
+                    message_handle))
+    return base64.b64encode(ter).decode('ascii')
 
 
 class Entity(HTTPBase):
@@ -540,7 +546,7 @@ def _encrypt_assertion(self, encrypt_cert, sp_entity_id, response, node_xpath=No
                     _cert = "%s%s" % (begin_cert, _cert)
                 if end_cert not in _cert:
                     _cert = "%s%s" % (_cert, end_cert)
-                _, cert_file = make_temp(_cert, decode=False)
+                _, cert_file = make_temp(_cert.encode('ascii'), decode=False)
                 response = cbxs.encrypt_assertion(response, cert_file,
                                                   pre_encryption_part(), node_xpath=node_xpath)
                 return response
@@ -1115,8 +1121,8 @@ def use_artifact(self, message, endpoint_index=0):
         :param endpoint_index:
         :return:
         """
-        message_handle = sha1("%s" % message)
-        message_handle.update(rndstr())
+        message_handle = sha1(str(message).encode('utf-8'))
+        message_handle.update(rndbytes())
         mhd = message_handle.digest()
         saml_art = create_artifact(self.config.entityid, mhd, endpoint_index)
         self.artifact[saml_art] = message
 
@@ -42,6 +42,8 @@ def __getitem__(self, key):
         return self._db[key]
 
     def __setitem__(self, key, value):
+        if six.PY3 and isinstance(key, six.binary_type):
+            key = key.decode('utf-8')
         self._db[key] = value
 
     def get(self, idp, sp, *args):
 
@@ -21,7 +21,7 @@ def __init__(self, allow):
     def __call__(self, entity_descriptor):
         # get descriptors
         _all = []
-        for desc in entity_descriptor.keys():
+        for desc in list(entity_descriptor.keys()):
             if desc.endswith("_descriptor"):
                 typ, _ = desc.rsplit("_", 1)
                 if typ in self.allow:
 
@@ -5,6 +5,7 @@
 import re
 import urllib
 from six.moves.urllib.parse import urlparse
+from six.moves.urllib.parse import urlencode
 import requests
 import time
 from six.moves.http_cookies import SimpleCookie
@@ -269,10 +270,10 @@ def use_http_form_post(message, destination, relay_state,
     @staticmethod
     def use_http_artifact(message, destination="", relay_state=""):
         if relay_state:
-            query = urllib.urlencode({"SAMLart": message,
-                                      "RelayState": relay_state})
+            query = urlencode({"SAMLart": message,
+                               "RelayState": relay_state})
         else:
-            query = urllib.urlencode({"SAMLart": message})
+            query = urlencode({"SAMLart": message})
         info = {
             "data": "",
             "url": "%s?%s" % (destination, query)
@@ -281,9 +282,13 @@ def use_http_artifact(message, destination="", relay_state=""):
 
     @staticmethod
     def use_http_uri(message, typ, destination="", relay_state=""):
+        if "\n" in message:
+            data = message.split("\n")[1]
+        else:
+            data = message.strip()
         if typ == "SAMLResponse":
             info = {
-                "data": message.split("\n")[1],
+                "data": data,
                 "headers": [
                     ("Content-Type", "application/samlassertion+xml"),
                     ("Cache-Control", "no-cache, no-store"),
@@ -293,10 +298,10 @@ def use_http_uri(message, typ, destination="", relay_state=""):
         elif typ == "SAMLRequest":
             # msg should be an identifier
             if relay_state:
-                query = urllib.urlencode({"ID": message,
-                                          "RelayState": relay_state})
+                query = urlencode({"ID": message,
+                                   "RelayState": relay_state})
             else:
-                query = urllib.urlencode({"ID": message})
+                query = urlencode({"ID": message})
             info = {
                 "data": "",
                 "url": "%s?%s" % (destination, query)