本文整理汇总了Python中onelogin.saml2.xml_utils.OneLogin_Saml2_XML.to_etree方法的典型用法代码示例。如果您正苦于以下问题:Python OneLogin_Saml2_XML.to_etree方法的具体用法?Python OneLogin_Saml2_XML.to_etree怎么用?Python OneLogin_Saml2_XML.to_etree使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类onelogin.saml2.xml_utils.OneLogin_Saml2_XML的用法示例。
在下文中一共展示了OneLogin_Saml2_XML.to_etree方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get_metadata
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import to_etree [as 别名]
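def get_metadata(url):
    """
    Gets the metadata XML from the provided URL

    The body is accepted only if it parses as XML and contains at least one
    md:IDPSSODescriptor element; nothing else about it is checked here.

    :param url: Url where the XML of the Identity Provider Metadata is published.
    :type url: string

    :returns: metadata XML
    :rtype: string

    :raises Exception: if the body is empty, cannot be parsed, or holds no
        IDPSSODescriptor. Errors raised by urlopen itself propagate unchanged.
    """
    # NOTE(review): IdP metadata carries the certificate later used to verify
    # assertions, so where it is fetched from is part of the trust decision.
    # This function does not restrict the URL scheme, set a timeout or verify
    # a metadata signature; callers should pass a URL they trust and
    # authenticate the result by other means.
    response = urllib2.urlopen(url)
    try:
        xml = response.read()
    finally:
        # Release the connection even when read() fails.
        response.close()

    valid = False
    if xml:
        try:
            dom = OneLogin_Saml2_XML.to_etree(xml)
            valid = bool(OneLogin_Saml2_XML.query(dom, '//md:IDPSSODescriptor'))
        except Exception:
            # Any parse or query failure means "not valid metadata".
            # Exception rather than a bare except, so KeyboardInterrupt and
            # SystemExit are no longer swallowed.
            pass

    if not valid:
        raise Exception('Not valid IdP XML found from URL: %s' % (url))
    return xml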
示例2: add_x509_key_descriptors
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import to_etree [as 别名]
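def add_x509_key_descriptors(metadata, cert=None):
    """
    Adds the x509 descriptors (signing/encryption) to the metadata
    The same cert will be used for sign/encrypt

    :param metadata: SAML Metadata XML
    :type metadata: string

    :param cert: x509 cert
    :type cert: string

    :returns: Metadata with KeyDescriptors; the input is returned unchanged
        when cert is None or empty
    :rtype: string

    :raises Exception: if the metadata cannot be parsed or has no SPSSODescriptor
    :raises AssertionError: if the root element is not md:EntityDescriptor
    """
    if cert is None or cert == '':
        return metadata

    try:
        root = OneLogin_Saml2_XML.to_etree(metadata)
    except Exception as e:
        raise Exception('Error parsing metadata. ' + str(e))

    # Explicit raise instead of an assert statement: asserts are removed when
    # Python runs with -O, which would let a document with an unexpected root
    # element through. The exception type callers see is unchanged.
    expected_root_tag = '{%s}EntityDescriptor' % OneLogin_Saml2_Constants.NS_MD
    if root.tag != expected_root_tag:
        raise AssertionError('Metadata root element is not md:EntityDescriptor')

    try:
        sp_sso_descriptor = next(root.iterfind('.//md:SPSSODescriptor', namespaces=OneLogin_Saml2_Constants.NSMAP))
    except StopIteration:
        raise Exception('Malformed metadata.')

    # NOTE(review): the double-underscore helper is reached through Python
    # name mangling, so these calls only resolve when this function is defined
    # inside the OneLogin_Saml2_Metadata class body - presumably where this
    # snippet was taken from.
    # Called twice with False and then True as the last argument - presumably
    # one descriptor for signing and one for encryption; confirm in the helper.
    OneLogin_Saml2_Metadata.__add_x509_key_descriptors(sp_sso_descriptor, cert, False)
    OneLogin_Saml2_Metadata.__add_x509_key_descriptors(sp_sso_descriptor, cert, True)
    return OneLogin_Saml2_XML.to_string(root)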
示例3: validate_metadata_sign
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import to_etree [as 别名]
def validate_metadata_sign(
    xml, cert=None, fingerprint=None, fingerprintalg="sha1", validatecert=False, debug=False
):
    """
    Validates the signature(s) of a metadata document.

    Signature nodes are looked up under EntitiesDescriptor first, then under
    EntityDescriptor, and finally under SPSSODescriptor and IDPSSODescriptor
    together; the search stops at the first location that yields any node.
    Every node found must validate.

    :param xml: The element we should validate
    :type: string | Document

    :param cert: The public cert
    :type: string

    :param fingerprint: The fingerprint of the public cert
    :type: string

    :param fingerprintalg: The algorithm used to build the fingerprint
    :type: string

    :param validatecert: If true, will verify the signature and if the cert is valid.
    :type: bool

    :param debug: Activate the xmlsec debug
    :type: bool

    :returns: True only when at least one signature was found and all of them
        validated; False otherwise, including on any exception
    :rtype: bool
    """
    # NOTE(review): the default fingerprint algorithm is sha1. Callers that
    # pin by fingerprint rather than by full certificate may want to pass a
    # stronger algorithm explicitly.
    try:
        if xml is None or xml == "":
            raise Exception("Empty string supplied as input")

        root = OneLogin_Saml2_XML.to_etree(xml)
        xmlsec.enable_debug_trace(debug)
        # Register "ID" as an id attribute so xmlsec can resolve references.
        xmlsec.tree.add_ids(root, ["ID"])

        found = OneLogin_Saml2_XML.query(root, "/md:EntitiesDescriptor/ds:Signature")
        if not found:
            found.extend(OneLogin_Saml2_XML.query(root, "/md:EntityDescriptor/ds:Signature"))
            if not found:
                found.extend(
                    OneLogin_Saml2_XML.query(root, "/md:EntityDescriptor/md:SPSSODescriptor/ds:Signature")
                )
                found.extend(
                    OneLogin_Saml2_XML.query(root, "/md:EntityDescriptor/md:IDPSSODescriptor/ds:Signature")
                )

        # Unsigned metadata is rejected, not treated as trivially valid.
        if not found:
            return False

        # Stops at the first signature that fails to validate.
        return all(
            OneLogin_Saml2_Utils.validate_node_sign(
                node, root, cert, fingerprint, fingerprintalg, validatecert, debug
            )
            for node in found
        )
    except Exception:
        # Fail closed: any error during parsing or validation means "not valid".
        return False
示例4: testGetID
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import to_etree [as 别名]
def testGetID(self):
    """
    Checks that get_id() of an OneLogin_Saml2_Authn_Request equals the ID
    attribute found in the request XML it produces.
    """
    settings = OneLogin_Saml2_Settings(self.loadSettingsJSON())
    request = OneLogin_Saml2_Authn_Request(settings)

    # Decode the encoded request back to XML text before parsing it.
    encoded = request.get_request()
    xml_text = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(encoded))
    root = OneLogin_Saml2_XML.to_etree(xml_text)

    self.assertEqual(request.get_id(), root.get('ID', None))
示例5: get_id
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import to_etree [as 别名]
def get_id(request):
    """
    Returns the ID of the Logout Request

    :param request: Logout Request Message
    :type request: string|DOMDocument

    :return: value of the root element's ID attribute, or None when absent
    :rtype: str object
    """
    # Only parses and reads one attribute; no signature is checked here, so
    # the value is untrusted until the message has been validated elsewhere.
    root = OneLogin_Saml2_XML.to_etree(request)
    request_id = root.get('ID', None)
    return request_id
示例6: validate_sign
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import to_etree [as 别名]
def validate_sign(xml, cert=None, fingerprint=None, fingerprintalg='sha1', validatecert=False, debug=False, xpath=None):
    """
    Validates a signature (Message or Assertion).

    With no xpath given, the Response-level signature is looked up first and
    the Assertion-level signature only when that finds nothing.

    :param xml: The element we should validate
    :type: string | Document

    :param cert: The public cert
    :type: string

    :param fingerprint: The fingerprint of the public cert
    :type: string

    :param fingerprintalg: The algorithm used to build the fingerprint
    :type: string

    :param validatecert: If true, will verify the signature and if the cert is valid.
    :type: bool

    :param debug: Activate the xmlsec debug
    :type: bool

    :param xpath: The xpath of the signed element
    :type: string

    :returns: the result of validate_node_sign when exactly one signature node
        is found; False when none or several are found, or when xmlsec raises
    :raises Exception: on empty input. Only xmlsec.Error is converted to
        False; every other exception propagates to the caller.
    """
    try:
        if xml is None or xml == '':
            raise Exception('Empty string supplied as input')

        root = OneLogin_Saml2_XML.to_etree(xml)
        xmlsec.enable_debug_trace(debug)
        # Register "ID" as an id attribute so xmlsec can resolve references.
        xmlsec.tree.add_ids(root, ["ID"])

        # NOTE(review): nesting reconstructed from a listing that lost its
        # indentation - the Assertion fallback is taken to apply only when no
        # explicit xpath was supplied; confirm against the library source.
        if xpath:
            candidates = OneLogin_Saml2_XML.query(root, xpath)
        else:
            candidates = OneLogin_Saml2_XML.query(root, OneLogin_Saml2_Utils.RESPONSE_SIGNATURE_XPATH)
            if not candidates:
                candidates = OneLogin_Saml2_XML.query(root, OneLogin_Saml2_Utils.ASSERTION_SIGNATURE_XPATH)

        # Exactly one signature node is accepted; zero or several is rejected.
        if len(candidates) != 1:
            return False

        return OneLogin_Saml2_Utils.validate_node_sign(
            candidates[0], root, cert, fingerprint, fingerprintalg, validatecert, debug
        )
    except xmlsec.Error as e:
        if debug:
            print(e)
        return False
示例7: validate_sign
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import to_etree [as 别名]
def validate_sign(xml, cert=None, fingerprint=None, fingerprintalg="sha1", validatecert=False, debug=False):
    """
    Validates a signature (Message or Assertion).

    The Response-level signature is looked up first. Only when there is none
    are the signatures of an assertion inside EncryptedAssertion and of a
    plain Assertion collected, and the combined result must hold exactly one
    node.

    :param xml: The element we should validate
    :type: string | Document

    :param cert: The public cert
    :type: string

    :param fingerprint: The fingerprint of the public cert
    :type: string

    :param fingerprintalg: The algorithm used to build the fingerprint
    :type: string

    :param validatecert: If true, will verify the signature and if the cert is valid.
    :type: bool

    :param debug: Activate the xmlsec debug
    :type: bool

    :returns: the result of validate_node_sign when exactly one signature node
        is found; False when none or several are found, or when xmlsec raises
    :raises Exception: on empty input. Only xmlsec.Error is converted to
        False; every other exception propagates to the caller.
    """
    try:
        if xml is None or xml == "":
            raise Exception("Empty string supplied as input")

        root = OneLogin_Saml2_XML.to_etree(xml)
        xmlsec.enable_debug_trace(debug)
        # Register "ID" as an id attribute so xmlsec can resolve references.
        xmlsec.tree.add_ids(root, ["ID"])

        candidates = OneLogin_Saml2_XML.query(root, "/samlp:Response/ds:Signature")
        if not candidates:
            candidates.extend(
                OneLogin_Saml2_XML.query(
                    root, "/samlp:Response/saml:EncryptedAssertion/saml:Assertion/ds:Signature"
                )
            )
            candidates.extend(OneLogin_Saml2_XML.query(root, "/samlp:Response/saml:Assertion/ds:Signature"))

        # Exactly one signature node is accepted; zero or several is rejected.
        if len(candidates) != 1:
            return False

        return OneLogin_Saml2_Utils.validate_node_sign(
            candidates[0], root, cert, fingerprint, fingerprintalg, validatecert, debug
        )
    except xmlsec.Error as e:
        if debug:
            print(e)
        return False
示例8: get_session_indexes
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import to_etree [as 别名]
def get_session_indexes(request):
    """
    Gets the SessionIndexes from the Logout Request

    :param request: Logout Request Message
    :type request: string|DOMDocument

    :return: text of every samlp:SessionIndex element directly under the
        LogoutRequest root, in document order; empty when there is none
    :rtype: list
    """
    # Values are read straight from the parsed message; nothing here checks
    # that the request is signed or otherwise valid.
    root = OneLogin_Saml2_XML.to_etree(request)
    index_nodes = OneLogin_Saml2_XML.query(root, '/samlp:LogoutRequest/samlp:SessionIndex')
    return [node.text for node in index_nodes]
示例9: get_issuer
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import to_etree [as 别名]
def get_issuer(request):
    """
    Gets the Issuer of the Logout Request Message

    :param request: Logout Request Message
    :type request: string|DOMDocument

    :return: The Issuer text, or None unless exactly one saml:Issuer element
        sits directly under the LogoutRequest root
    :rtype: string
    """
    # The issuer is whatever the message claims; this function does not
    # compare it with any configured IdP or check a signature.
    root = OneLogin_Saml2_XML.to_etree(request)
    matches = OneLogin_Saml2_XML.query(root, '/samlp:LogoutRequest/saml:Issuer')
    return matches[0].text if len(matches) == 1 else None
示例10: __init__
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import to_etree [as 别名]
def __init__(self, settings, response=None):
    """
    Constructs a Logout Response object: stores the settings and, when a
    response is given, decodes and parses it.

    Arguments are:
        * (OneLogin_Saml2_Settings)   settings. Setting data
        * (string)                    response. An encoded SAML Logout
                                      response from the IdP; it is passed
                                      through decode_base64_and_inflate
                                      before being parsed.
    """
    self.__settings = settings
    self.__error = None

    if response is None:
        # Nothing to load; note that self.document is not assigned on this path.
        return

    # The message is only decoded and parsed here. No validation is visible in
    # the constructor, so its contents stay untrusted until checked separately.
    self.__logout_response = OneLogin_Saml2_Utils.decode_base64_and_inflate(response)
    self.document = OneLogin_Saml2_XML.to_etree(self.__logout_response)
示例11: get_nameid_data
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import to_etree [as 别名]
def get_nameid_data(request, key=None):
    """
    Gets the NameID Data of the Logout Request

    When the request holds exactly one saml:EncryptedID, the NameID is
    obtained by decrypting its xenc:EncryptedData with key; otherwise the
    plain saml:NameID element is used.

    :param request: Logout Request Message
    :type request: string|DOMDocument

    :param key: The SP key
    :type key: string

    :return: Name ID Data (Value, Format, NameQualifier, SPNameQualifier);
        the three attribute entries appear only when present on the element
    :rtype: dict

    :raises Exception: if an EncryptedID is present but no key was given, or
        if no single NameID could be obtained
    """
    root = OneLogin_Saml2_XML.to_etree(request)
    name_id = None

    encrypted_ids = OneLogin_Saml2_XML.query(root, '/samlp:LogoutRequest/saml:EncryptedID')
    if len(encrypted_ids) == 1:
        if key is None:
            raise Exception('Key is required in order to decrypt the NameID')

        encrypted_payloads = OneLogin_Saml2_XML.query(root, '/samlp:LogoutRequest/saml:EncryptedID/xenc:EncryptedData')
        if len(encrypted_payloads) == 1:
            name_id = OneLogin_Saml2_Utils.decrypt_element(encrypted_payloads[0], key)
    else:
        plain_ids = OneLogin_Saml2_XML.query(root, '/samlp:LogoutRequest/saml:NameID')
        if len(plain_ids) == 1:
            name_id = plain_ids[0]

    # Zero or several candidates on either path leave name_id unset.
    if name_id is None:
        raise Exception('Not NameID found in the Logout Request')

    name_id_data = {'Value': name_id.text}
    name_id_data.update(
        (attr, name_id.attrib[attr])
        for attr in ('Format', 'SPNameQualifier', 'NameQualifier')
        if attr in name_id.attrib
    )
    return name_id_data
示例12: decrypt_element
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import to_etree [as 别名]
def decrypt_element(encrypted_data, key, debug=False):
    """
    Decrypts an encrypted element.

    :param encrypted_data: The encrypted data.
    :type: lxml.etree.Element | DOMElement | basestring

    :param key: The key, loaded as PEM with no password.
    :type: string

    :param debug: Activate the xmlsec debug
    :type: bool

    :returns: The decrypted element.
    :rtype: lxml.etree.Element
    """
    node = OneLogin_Saml2_XML.to_etree(encrypted_data)
    xmlsec.enable_debug_trace(debug)

    # A fresh keys manager holding only the supplied key is built per call.
    keys = xmlsec.KeysManager()
    pem_key = xmlsec.Key.from_memory(key, xmlsec.KeyFormat.PEM, None)
    keys.add_key(pem_key)

    return xmlsec.EncryptionContext(keys).decrypt(node)
示例13: __init__
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import to_etree [as 别名]
def __init__(self, settings, response):
    """
    Constructs the response object.

    The response is base64-decoded and parsed. If it contains an
    EncryptedAssertion, a decrypted copy of the document is also prepared.

    :param settings: The setting info
    :type settings: OneLogin_Saml2_Setting object

    :param response: The base64 encoded, XML string containing the samlp:Response
    :type response: string
    """
    self.__settings = settings
    self.__error = None

    self.response = OneLogin_Saml2_Utils.b64decode(response)
    self.document = OneLogin_Saml2_XML.to_etree(self.response)

    self.decrypted_document = None
    self.encrypted = None

    # Quick check for the presence of EncryptedAssertion
    if not self.__query('/samlp:Response/saml:EncryptedAssertion'):
        return

    # Decryption is given a deep copy - presumably so self.document keeps the
    # tree exactly as it was received.
    working_copy = deepcopy(self.document)
    self.encrypted = True
    self.decrypted_document = self.__decrypt_assertion(working_copy)
示例14: parse
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import to_etree [as 别名]
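def parse(idp_metadata):
    """
    Parse the Identity Provider metadata and return a dict with extracted data.

    Only the first EntityDescriptor that contains an IDPSSODescriptor is used,
    and within it only the first IDPSSODescriptor. Endpoints are taken from
    the HTTP-Redirect binding only.

    :param idp_metadata: XML of the Identity Provider Metadata.
    :type idp_metadata: string

    :returns: settings dict with extracted data; empty when no
        IDPSSODescriptor is found
    :rtype: dict
    """
    # NOTE(review): nothing here authenticates the metadata. The certificate
    # and endpoint URLs extracted below become trust settings, so the caller
    # has to establish where the document came from before using the result.
    # NOTE(review): nesting reconstructed from a listing that lost its
    # indentation; confirm against the library source.
    data = {}
    dom = OneLogin_Saml2_XML.to_etree(idp_metadata)
    redirect_binding = OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT

    for entity_descriptor_node in OneLogin_Saml2_XML.query(dom, '//md:EntityDescriptor'):
        idp_descriptor_nodes = OneLogin_Saml2_XML.query(entity_descriptor_node, './md:IDPSSODescriptor')
        if len(idp_descriptor_nodes) == 0:
            continue
        idp_descriptor_node = idp_descriptor_nodes[0]

        idp_entity_id = entity_descriptor_node.get('entityID', None)

        # NOTE(review): the SAML metadata schema defines WantAuthnRequestsSigned
        # on IDPSSODescriptor, so reading it from EntityDescriptor will usually
        # give None - confirm which node is intended. The value is also the raw
        # attribute string, so "false" is truthy to a consumer that tests it
        # as a boolean.
        want_authn_requests_signed = entity_descriptor_node.get('WantAuthnRequestsSigned', None)

        idp_name_id_format = None
        name_id_format_nodes = OneLogin_Saml2_XML.query(idp_descriptor_node, './md:NameIDFormat')
        if len(name_id_format_nodes) > 0:
            idp_name_id_format = name_id_format_nodes[0].text

        idp_sso_url = None
        sso_nodes = OneLogin_Saml2_XML.query(idp_descriptor_node, "./md:SingleSignOnService[@Binding='%s']" % redirect_binding)
        if len(sso_nodes) > 0:
            idp_sso_url = sso_nodes[0].get('Location', None)

        idp_slo_url = None
        slo_nodes = OneLogin_Saml2_XML.query(idp_descriptor_node, "./md:SingleLogoutService[@Binding='%s']" % redirect_binding)
        if len(slo_nodes) > 0:
            idp_slo_url = slo_nodes[0].get('Location', None)

        # Only a KeyDescriptor marked use="signing" is considered, and only
        # the first certificate found.
        idp_x509_cert = None
        cert_nodes = OneLogin_Saml2_XML.query(idp_descriptor_node, "./md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate")
        if len(cert_nodes) > 0:
            idp_x509_cert = cert_nodes[0].text

        data['idp'] = {}
        if idp_entity_id is not None:
            data['idp']['entityId'] = idp_entity_id
        if idp_sso_url is not None:
            # Fix: the SSO endpoint belongs under singleSignOnService. It was
            # previously written to singleLogoutService, where the SLO URL
            # below then overwrote it and the SSO URL was lost.
            data['idp']['singleSignOnService'] = {}
            data['idp']['singleSignOnService']['url'] = idp_sso_url
        if idp_slo_url is not None:
            data['idp']['singleLogoutService'] = {}
            data['idp']['singleLogoutService']['url'] = idp_slo_url
        if idp_x509_cert is not None:
            data['idp']['x509cert'] = idp_x509_cert

        if want_authn_requests_signed is not None:
            data['security'] = {}
            data['security']['authnRequestsSigned'] = want_authn_requests_signed

        if idp_name_id_format:
            data['sp'] = {}
            data['sp']['NameIDFormat'] = idp_name_id_format

        # Stop after the first EntityDescriptor that describes an IdP.
        break

    return data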
示例15: parse
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import to_etree [as 别名]
def parse(
idp_metadata,
required_sso_binding=OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT,
required_slo_binding=OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT,
index=0):
"""
Parses the Identity Provider metadata and return a dict with extracted data.
If there are multiple <IDPSSODescriptor> tags, parse only the first.
Parses only those SSO endpoints with the same binding as given by
the `required_sso_binding` parameter.
Parses only those SLO endpoints with the same binding as given by
the `required_slo_binding` parameter.
If the metadata specifies multiple SSO endpoints with the required
binding, extract only the first (the same holds true for SLO
endpoints).
:param idp_metadata: XML of the Identity Provider Metadata.
:type idp_metadata: string
:param required_sso_binding: Parse only POST or REDIRECT SSO endpoints.
:type required_sso_binding: one of OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT
or OneLogin_Saml2_Constants.BINDING_HTTP_POST
:param required_slo_binding: Parse only POST or REDIRECT SLO endpoints.
:type required_slo_binding: one of OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT
or OneLogin_Saml2_Constants.BINDING_HTTP_POST
:param index: If the metadata contains more than 1 certificate, use index to get the right certificate.
:type index: number
:returns: settings dict with extracted data
:rtype: dict
"""
data = {}
dom = OneLogin_Saml2_XML.to_etree(idp_metadata)
entity_descriptor_nodes = OneLogin_Saml2_XML.query(dom, '//md:EntityDescriptor')
idp_entity_id = want_authn_requests_signed = idp_name_id_format = idp_sso_url = idp_slo_url = idp_x509_cert = None
if len(entity_descriptor_nodes) > 0:
for entity_descriptor_node in entity_descriptor_nodes:
idp_descriptor_nodes = OneLogin_Saml2_XML.query(entity_descriptor_node, './md:IDPSSODescriptor')
if len(idp_descriptor_nodes) > 0:
idp_descriptor_node = idp_descriptor_nodes[0]
idp_entity_id = entity_descriptor_node.get('entityID', None)
want_authn_requests_signed = entity_descriptor_node.get('WantAuthnRequestsSigned', None)
name_id_format_nodes = OneLogin_Saml2_XML.query(idp_descriptor_node, './md:NameIDFormat')
if len(name_id_format_nodes) > 0:
idp_name_id_format = name_id_format_nodes[0].text
sso_nodes = OneLogin_Saml2_XML.query(
idp_descriptor_node,
"./md:SingleSignOnService[@Binding='%s']" % required_sso_binding
)
if len(sso_nodes) > 0:
idp_sso_url = sso_nodes[0].get('Location', None)
slo_nodes = OneLogin_Saml2_XML.query(
idp_descriptor_node,
"./md:SingleLogoutService[@Binding='%s']" % required_slo_binding
)
if len(slo_nodes) > 0:
idp_slo_url = slo_nodes[0].get('Location', None)
# Attempt to extract the cert/public key to be used for
# verifying signatures (as opposed to extracing a key to be
# used for encryption), by specifying `use=signing` in the
# XPath expression. If that does not yield a cert, retry
# using a more relaxed XPath expression (the `use` attribute
# is optional according to the saml-metadata-2.0-os spec).
cert_nodes = OneLogin_Saml2_XML.query(
idp_descriptor_node,
"./md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
)
if not cert_nodes:
cert_nodes = OneLogin_Saml2_XML.query(
idp_descriptor_node,
"./md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
)
if len(cert_nodes) > 0:
idp_x509_cert = OneLogin_Saml2_Utils.format_cert(cert_nodes[index].text, False)
data['idp'] = {}
if idp_entity_id is not None:
data['idp']['entityId'] = idp_entity_id
if idp_sso_url is not None:
#.........这里部分代码省略.........