本文整理汇总了Python中saml2.sigver.security_context函数的典型用法代码示例。如果您正苦于以下问题:Python security_context函数的具体用法?Python security_context怎么用?Python security_context使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了security_context函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: create_metadata_string
def create_metadata_string(configfile, config=None, valid=None, cert=None,
                           keyfile=None, mid=None, name=None, sign=None):
    """Build the metadata for one entity and return it serialised.

    :param configfile: Configuration module to load when *config* is None;
        a trailing ".py" is stripped before loading.
    :param config: An already loaded configuration, used as is when given.
    :param valid: Validity period, converted with int(); hours.
    :param cert: Fallback certificate file when the configuration has none.
    :param keyfile: Fallback key file when the configuration has none.
    :param mid: When truthy, the descriptor is wrapped by
        entities_descriptor() and passed on as its identifier argument.
    :param name: Passed through to entities_descriptor().
    :param sign: Truthy to request signing.
    :return: Whatever metadata_tostring_fix() produces for the descriptor.
    """
    ns_prefixes = {"xs": "http://www.w3.org/2001/XMLSchema"}
    lifetime = int(valid) if valid else 0  # Hours

    if config is None:
        if configfile.endswith(".py"):
            configfile = configfile[:-3]
        config = Config().load_file(configfile, metadata_construction=True)
    descriptors = [entity_descriptor(config)]

    # A fresh Config carries only what the security context is given here.
    # Key and certificate from the loaded configuration take precedence over
    # the keyfile/cert arguments, which act purely as fallbacks.
    signing_conf = Config()
    signing_conf.key_file = config.key_file or keyfile
    signing_conf.cert_file = config.cert_file or cert
    signing_conf.debug = 1
    signing_conf.xmlsec_binary = config.xmlsec_binary
    secc = security_context(signing_conf)

    xmldoc = None
    if mid:
        eid, xmldoc = entities_descriptor(descriptors, lifetime, name, mid,
                                          sign, secc)
    else:
        eid = descriptors[0]
        if sign:
            eid, xmldoc = sign_entity_descriptor(eid, mid, secc)

    # Validation runs on the descriptor object regardless of signing.
    valid_instance(eid)
    return metadata_tostring_fix(eid, ns_prefixes, xmldoc)
示例2: test_xmlsec_err
def test_xmlsec_err():
    """Signing with the key file "tes.key" must raise a signing error."""
    conf = config.SPConfig()
    conf.load_file("server_conf")
    store = MetadataStore([saml, samlp], None, conf)
    store.load("local", full_path("idp_example.xml"))
    conf.metadata = store
    conf.only_use_keys_in_metadata = False
    sec = sigver.security_context(conf)

    attributes = do_attribute_statement(
        {("", "", "surName"): ("Foo", ""),
         ("", "", "givenName"): ("Bar", ""), })
    assertion = factory(
        saml.Assertion, version="2.0", id="11111",
        issue_instant="2009-10-30T13:20:28Z",
        signature=sigver.pre_signature_part("11111", sec.my_cert, 1),
        attribute_statement=attributes,
    )

    # presumably "tes.key" is a deliberately unusable key path - confirm
    # against the test fixtures. The test passes only if signing fails.
    signing_failed = False
    try:
        sec.sign_statement(assertion, class_name(assertion),
                           key_file=full_path("tes.key"),
                           node_id=assertion.id)
    except (XmlsecError, SigverError):
        signing_failed = True
    assert signing_failed
示例3: __init__
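def __init__(self, entity_type, config=None, config_file="",
             virtual_organization=""):
    """Set up configuration, key material and the security context.

    :param entity_type: Stored on the instance and passed to
        config_factory() when the configuration is loaded from a file.
    :param config: A ready configuration object; takes precedence.
    :param config_file: Configuration file used when *config* is not given.
    :param virtual_organization: Name of a virtual organization in the
        configuration, or a VirtualOrg instance.
    :raises SAMLError: When neither *config* nor *config_file* is given.
    :raises Exception: When a remote certificate/key URL does not answer
        with status 200.
    """
    self.entity_type = entity_type
    self.users = None

    if config:
        self.config = config
    elif config_file:
        self.config = config_factory(entity_type, config_file)
    else:
        raise SAMLError("Missing configuration")

    for item in ["cert_file", "key_file", "ca_certs"]:
        _val = getattr(self.config, item, None)
        if not _val:
            continue

        # NOTE(review): the prefix test matches "http://" as well as
        # "https://", and "key_file" is in the list, so a private key may
        # be downloaded over an unencrypted channel. The request also has
        # no timeout. Consider requiring https and an explicit timeout.
        if _val.startswith("http"):
            r = requests.request("GET", _val)
            if r.status_code == 200:
                # The downloaded PEM text is written to a temporary file
                # and the configuration is pointed at that file instead.
                _, filename = make_temp(r.text, ".pem", False)
                setattr(self.config, item, filename)
            else:
                raise Exception(
                    "Could not fetch certificate from %s" % _val)

    try:
        # Read through a context manager so the key file handle is closed
        # even when importing the key fails.
        with open(self.config.getattr("key_file", ""), 'r') as key_fh:
            key_pem = key_fh.read()
        self.signkey = RSA.importKey(
            key_pem, passphrase=self.config.key_file_passphrase)
    except (KeyError, TypeError):
        # No usable key configured: the instance carries no signing key.
        self.signkey = None

    HTTPBase.__init__(self, self.config.verify_ssl_cert,
                      self.config.ca_certs, self.config.key_file,
                      self.config.cert_file)

    if self.config.vorg:
        for vo in self.config.vorg.values():
            vo.sp = self

    self.metadata = self.config.metadata
    self.config.setup_logger()
    self.debug = self.config.debug

    self.sec = security_context(self.config)

    if virtual_organization:
        if isinstance(virtual_organization, basestring):
            self.vorg = self.config.vorg[virtual_organization]
        elif isinstance(virtual_organization, VirtualOrg):
            self.vorg = virtual_organization
    else:
        self.vorg = None

    self.artifact = {}
    if self.metadata:
        self.sourceid = self.metadata.construct_source_id()
    else:
        self.sourceid = {}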
示例4: test_crypto_backend
def test_crypto_backend():
    """The 'XMLSecurity' backend setting yields a CryptoBackendXMLSecurity."""
    idp_conf = IdPConfig()
    idp_conf.load(IDP_XMLSECURITY)
    assert idp_conf.crypto_backend == 'XMLSecurity'

    # The security context must pick its crypto object from that setting.
    context = security_context(idp_conf)
    assert isinstance(context.crypto, CryptoBackendXMLSecurity)
示例5: test_xbox_non_ascii_ava
def test_xbox_non_ascii_ava():
    """Sign, encrypt, decrypt and verify an assertion with non-ASCII values."""
    conf = config.SPConfig()
    conf.load_file("server_conf")
    store = MetadataStore([saml, samlp], None, conf)
    store.load("local", IDP_EXAMPLE)
    conf.metadata = store
    conf.only_use_keys_in_metadata = False
    sec = sigver.security_context(conf)

    attributes = do_attribute_statement(
        {
            ("", "", "surName"): ("Föö", ""),
            ("", "", "givenName"): ("Bär", ""),
        }
    )
    assertion = factory(
        saml.Assertion, version="2.0", id="11111",
        issue_instant="2009-10-30T13:20:28Z",
        signature=sigver.pre_signature_part("11111", sec.my_cert, 1),
        attribute_statement=attributes,
    )

    # Step 1: sign the assertion and parse the signed XML back.
    signed_xml = sec.sign_statement(
        assertion,
        class_name(assertion),
        key_file=PRIV_KEY,
        node_id=assertion.id,
    )
    signed_assertion = saml.assertion_from_string(signed_xml)

    # Step 2: wrap it in an EncryptedAssertion and encrypt the inner node.
    encrypted_assertion = EncryptedAssertion()
    encrypted_assertion.add_extension_element(signed_assertion)
    _, template_path = make_temp(
        str(pre_encryption_part()).encode('utf-8'), decode=False
    )
    # NOTE(review): "des-192" looks like the Triple-DES key type, a legacy
    # cipher; acceptable for a round-trip test, but confirm that production
    # configuration selects a current algorithm.
    enctext = sec.crypto.encrypt(
        str(encrypted_assertion),
        conf.cert_file,
        template_path,
        "des-192",
        '/*[local-name()="EncryptedAssertion"]/*[local-name()="Assertion"]',
    )

    # Step 3: decrypt and keep only the elements whose signature verifies.
    decr_text = sec.decrypt(enctext, key_file=PRIV_KEY)
    decrypted = saml.encrypted_assertion_from_string(decr_text)
    candidates = extension_elements_to_elements(
        decrypted.extension_elements, [saml, samlp]
    )
    assertions = [
        ass for ass in candidates
        if sec.verify_signature(
            str(ass), PUB_KEY, node_name=class_name(assertion)
        )
    ]

    assert assertions
    print(assertions)
示例6: __init__
def __init__(self, cargs, kwargs):
    """Build and validate an entities descriptor from kwargs['conf'].

    :param cargs: Not used by this constructor.
    :param kwargs: Mapping; only the 'conf' entry is read.
    """
    self.nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}

    configs = read_multi_conf(kwargs['conf'], True)
    descriptors = [entity_descriptor(cnf) for _key, cnf in configs.items()]
    valid_for = 0

    # Several values are set to None here: they are unused for now, but
    # might be useful someday. With no key file, no certificate and the
    # sign argument passed as None, no signing is requested below.
    conf = Config()
    conf.key_file = None
    conf.cert_file = None
    conf.debug = 1
    conf.xmlsec_binary = None
    args_name = None
    args_id = None
    args_sign = None
    secc = security_context(conf)

    desc, xmldoc = entities_descriptor(descriptors, valid_for, args_name,
                                       args_id, args_sign, secc)
    valid_instance(desc)

    self.desc = desc
    self.xmldoc = xmldoc
示例7: setup_class
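def setup_class(self):
    """Create the shared security context and an unsigned test assertion."""
    # This would be one way to initialize the security context :
    #
    #    conf = config.SPConfig()
    #    conf.load_file("server_conf")
    #    conf.only_use_keys_in_metadata = False
    #
    # but instead, FakeConfig() is used to really only use the minimal
    # set of parameters needed for these test cases. Other test cases
    # (TestSecurityMetadata below) exercise the SPConfig() mechanism.
    #
    conf = FakeConfig()
    # Pass the instance created above instead of building a second,
    # otherwise unused FakeConfig.
    self.sec = sigver.security_context(conf)

    self._assertion = factory(
        saml.Assertion,
        version="2.0",
        id="11111",
        issue_instant="2009-10-30T13:20:28Z",
        signature=sigver.pre_signature_part("11111", self.sec.my_cert, 1),
        attribute_statement=do_attribute_statement({
            ("", "", "surName"): ("Foo", ""),
            ("", "", "givenName"): ("Bar", ""),
        })
    )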
示例8: __init__
def __init__(
    self,
    onts,
    attrc,
    config,
    ca_certs=None,
    check_validity=True,
    disable_ssl_certificate_validation=False,
    filter=None,
):
    """Initialise the store with its HTTP client and security context.

    :params onts: Stored unchanged on the instance.
    :params attrc: Stored unchanged on the instance.
    :params config: Config(); used to build the security context.
    :params ca_certs: Passed to HTTPBase as its CA bundle.
    :params check_validity: Stored unchanged on the instance.
    :params disable_ssl_certificate_validation: When truthy the HTTP
        client is created with certificate verification switched off.
    :params filter: Stored unchanged on the instance.
    """
    self.onts = onts
    self.attrc = attrc

    # With verification off, anything fetched through this client is not
    # authenticated by TLS; the flag should stay False outside of tests.
    self.http = HTTPBase(
        verify=not disable_ssl_certificate_validation,
        ca_bundle=ca_certs,
    )
    self.security = security_context(config)

    self.ii = 0
    self.metadata = {}
    self.check_validity = check_validity
    self.filter = filter
示例9: test_xmlsec_err_non_ascii_ava
def test_xmlsec_err_non_ascii_ava():
    """Signing non-ASCII attribute values with INVALID_KEY raises XmlsecError."""
    conf = config.SPConfig()
    conf.load_file("server_conf")
    store = MetadataStore([saml, samlp], None, conf)
    store.load("local", IDP_EXAMPLE)
    conf.metadata = store
    conf.only_use_keys_in_metadata = False
    sec = sigver.security_context(conf)

    attributes = do_attribute_statement(
        {("", "", "surName"): ("Föö", ""),
         ("", "", "givenName"): ("Bär", ""), })
    assertion = factory(
        saml.Assertion, version="2.0", id="11111",
        issue_instant="2009-10-30T13:20:28Z",
        signature=sigver.pre_signature_part("11111", sec.my_cert, 1),
        attribute_statement=attributes,
    )

    # The failure has to surface as XmlsecError, not as an encoding error
    # caused by the non-ASCII values.
    with raises(XmlsecError):
        sec.sign_statement(
            assertion,
            class_name(assertion),
            key_file=INVALID_KEY,
            node_id=assertion.id,
        )
示例10: response_factory
def response_factory(xmlstr, conf, return_addr=None, outstanding_queries=None,
                     timeslack=0, decode=True, request_id=0, origxml=None,
                     asynchop=True, allow_unsolicited=False):
    """Parse *xmlstr* and return the most specific response object.

    :param xmlstr: The response text handed to StatusResponse.loads().
    :param conf: Configuration; supplies the security context, the
        attribute converters, the entity id and the default time slack.
    :param timeslack: Accepted time difference; when falsy the value of
        conf.accepted_time_diff is used, or 0 if that is not convertible.
    :return: An AuthnResponse when the parsed response carries an
        assertion or encrypted assertion, a LogoutResponse when the first
        parse raised TypeError, otherwise the plain StatusResponse.
    """
    sec = security_context(conf)

    if not timeslack:
        try:
            timeslack = int(conf.accepted_time_diff)
        except TypeError:
            # Only TypeError (e.g. a None setting) falls back to 0.
            timeslack = 0

    converters = conf.attribute_converters
    own_entity_id = conf.entityid

    response = StatusResponse(sec, return_addr, timeslack, request_id,
                              asynchop)
    try:
        response.loads(xmlstr, decode, origxml)
        parsed = response.response
        if parsed.assertion or parsed.encrypted_assertion:
            authn = AuthnResponse(sec, converters,
                                  own_entity_id, return_addr,
                                  outstanding_queries, timeslack, asynchop,
                                  allow_unsolicited)
            authn.update(response)
            return authn
    except TypeError:
        # NOTE(review): any TypeError raised inside the try block above,
        # not only one from the first loads(), lands here and the message
        # is re-parsed with the logout-response signature check.
        response.signature_check = sec.correctly_signed_logout_response
        response.loads(xmlstr, decode, origxml)
        logout = LogoutResponse(sec, return_addr, timeslack,
                                asynchop=asynchop)
        logout.update(response)
        return logout

    return response
示例11: __init__
def __init__(self, config=None,
             identity_cache=None, state_cache=None,
             virtual_organization=None, config_file="", logger=None):
    """Set up caches, configuration, logging and the security context.

    :param config: A saml2.config.Config instance
    :param identity_cache: Where the class should store identity information
    :param state_cache: Where the class should keep state information
    :param virtual_organization: Which if any virtual organization this
        SP belongs to
    :param config_file: Configuration file used when *config* is not given
    :param logger: Logger to use; when None the configuration sets one up
    :raises Exception: When neither *config* nor *config_file* is given
    """
    self.users = Population(identity_cache)

    # for server state storage; defaults to in memory storage
    self.state = {} if state_cache is None else state_cache

    if config:
        self.config = config
    elif config_file:
        self.config = config_factory("sp", config_file)
    else:
        raise Exception("Missing configuration")

    self.metadata = self.config.metadata

    if logger is None:
        self.logger = self.config.setup_logger()
    else:
        self.logger = logger

    # config.debug is copied into an internal field for convenience and
    # because it may need to be changed during the tests
    self.debug = self.config.debug

    self.sec = security_context(self.config, log=self.logger,
                                debug=self.debug)

    self.vorg = (VirtualOrg(self, virtual_organization)
                 if virtual_organization else None)

    # Unsolicited responses are refused unless the configuration says so.
    if "allow_unsolicited" in self.config:
        self.allow_unsolicited = self.config.allow_unsolicited
    else:
        self.allow_unsolicited = False

    # Signing defaults are switched on only by the exact string 'true';
    # any other value, including a boolean True, leaves them off.
    self.authn_requests_signed_default = (
        getattr(self.config, 'authn_requests_signed', 'false') == 'true')
    self.logout_requests_signed_default = (
        getattr(self.config, 'logout_requests_signed', 'false') == 'true')
示例12: authn_response
def authn_response(
    conf,
    return_addrs,
    outstanding_queries=None,
    timeslack=0,
    asynchop=True,
    allow_unsolicited=False,
    want_assertions_signed=False,
):
    """Create an AuthnResponse bound to a security context built from *conf*.

    :param conf: Configuration; supplies the security context, attribute
        converters, entity id and the default time slack.
    :param timeslack: Accepted time difference; when falsy the value of
        conf.accepted_time_diff is used, or 0 if that is not convertible.
    :return: The AuthnResponse instance; nothing is parsed here.
    """
    context = security_context(conf)

    slack = timeslack
    if not slack:
        try:
            slack = int(conf.accepted_time_diff)
        except TypeError:
            # Only TypeError (e.g. a None setting) falls back to 0.
            slack = 0

    # allow_unsolicited and want_assertions_signed both default to False
    # and are handed on unchanged to AuthnResponse.
    return AuthnResponse(
        context,
        conf.attribute_converters,
        conf.entityid,
        return_addrs,
        outstanding_queries,
        slack,
        asynchop=asynchop,
        allow_unsolicited=allow_unsolicited,
        want_assertions_signed=want_assertions_signed,
    )
示例13: get_metadata
def get_metadata(self):
    """Returns SAML Identity Provider Metadata as a text/xml response.

    The descriptor is signed only when the configuration has a key_file;
    without one the metadata is served unsigned.
    """
    descriptor = entity_descriptor(self._config, 24)

    if self._config.key_file:
        # presumably 24 is the validity period in hours - confirm against
        # entity_descriptor() / sign_entity_descriptor().
        context = security_context(self._config)
        descriptor = sign_entity_descriptor(descriptor, 24, None, context)

    response = make_response(str(descriptor))
    response.headers['Content-type'] = 'text/xml; charset=utf-8'
    return response
示例14: test_only_use_keys_in_metadata
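def test_only_use_keys_in_metadata(self):
    """Checking the signed response with the "sp_2_conf" setup raises MissingKey."""
    conf = config.SPConfig()
    conf.load_file("sp_2_conf")

    sc = security_context(conf)
    # should fail
    # The call is made directly inside the context manager rather than
    # passed to raises() as a source string to be executed: the string
    # form hides the call from tooling and is not supported by current
    # pytest releases.
    with raises(MissingKey):
        sc.correctly_signed_response("%s" % self._sign_resp_)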
示例15: __init__
def __init__(self, config=None, identity_cache=None, state_cache=None,
             virtual_organization="",config_file=""):
    """Set up caches, configuration, security context and signing flags.

    :param config: A saml2.config.Config instance
    :param identity_cache: Where the class should store identity information
    :param state_cache: Where the class should keep state information
    :param virtual_organization: A specific virtual organization, given
        either by name or as a VirtualOrg instance
    :param config_file: Configuration file used when *config* is not given
    :raises Exception: When neither *config* nor *config_file* is given
    """
    self.users = Population(identity_cache)

    # for server state storage; defaults to in memory storage
    self.state = {} if state_cache is None else state_cache

    if config:
        self.config = config
    elif config_file:
        self.config = config_factory("sp", config_file)
    else:
        raise Exception("Missing configuration")

    if self.config.vorg:
        for vo in self.config.vorg.values():
            vo.sp = self

    self.metadata = self.config.metadata
    self.config.setup_logger()

    # config.debug is copied into an internal field for convenience and
    # because it may need to be changed during the tests
    self.debug = self.config.debug

    self.sec = security_context(self.config)

    if virtual_organization:
        if isinstance(virtual_organization, basestring):
            self.vorg = self.config.vorg[virtual_organization]
        elif isinstance(virtual_organization, VirtualOrg):
            self.vorg = virtual_organization
    else:
        self.vorg = {}

    # Each flag becomes True only when the configuration holds the exact
    # string 'true'.
    for flag in ["allow_unsolicited", "authn_requests_signed",
                 "logout_requests_signed"]:
        setattr(self, flag, self.config.getattr("sp", flag) == 'true')

    # extra randomness
    self.seed = rndstr(32)
    self.logout_requests_signed_default = True
    # NOTE(review): this overwrites the boolean the loop above stored in
    # allow_unsolicited with the raw configuration value, and the argument
    # order ("allow_unsolicited", "sp") is the reverse of the loop's
    # ("sp", flag). Confirm which order Config.getattr() expects, since
    # this value decides whether unsolicited responses are accepted.
    self.allow_unsolicited = self.config.getattr("allow_unsolicited", "sp")