IdentityPython
diff --git a/‎.gitignore
Lines changed: 6 additions & 0 deletions b/‎.gitignore
Lines changed: 6 additions & 0 deletions
diff --git a/‎example/idp2/idp.py
Lines changed: 16 additions & 17 deletions b/‎example/idp2/idp.py
Lines changed: 16 additions & 17 deletions
diff --git a/‎example/sp-repoze/sp.xml
Lines changed: 0 additions & 34 deletions b/‎example/sp-repoze/sp.xml
Lines changed: 0 additions & 34 deletions
diff --git a/‎example/sp-repoze/sp_conf.py
Lines changed: 101 additions & 14 deletions b/‎example/sp-repoze/sp_conf.py
Lines changed: 101 additions & 14 deletions
@@ -155,3 +155,9 @@ example/sp/nocert_sp_conf/sp.xml
 example/sp/nocert_sp_conf/sp_conf.py
 
 example/sp/nocert_sp_conf/who.ini
+
+example/sp-repoze/my_sp.xml
+
+example/sp-repoze/pki/localhost.ca.crt
+
+example/sp-repoze/pki/localhost.ca.key
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 import argparse
 import base64
-
+import xmldsig as ds
 import re
 import logging
 import time
@@ -24,6 +24,7 @@
 from saml2.authn_context import PASSWORD
 from saml2.authn_context import UNSPECIFIED
 from saml2.authn_context import authn_context_class_ref
+from saml2.extension import pefim
 from saml2.httputil import Response
 from saml2.httputil import NotFound
 from saml2.httputil import geturl
@@ -38,7 +39,7 @@
 from saml2.s_utils import UnknownPrincipal
 from saml2.s_utils import UnsupportedBinding
 from saml2.s_utils import PolicyError
-from saml2.sigver import verify_redirect_signature
+from saml2.sigver import verify_redirect_signature, cert_from_instance, encrypt_cert_from_item
 
 logger = logging.getLogger("saml2.idp")
 
@@ -125,8 +126,9 @@ def operation(self, _dict, binding):
             return resp(self.environ, self.start_response)
         else:
             try:
+                _encrypt_cert = encrypt_cert_from_item(_dict["req_info"].message)
                 return self.do(_dict["SAMLRequest"], binding,
-                               _dict["RelayState"])
+                               _dict["RelayState"], encrypt_cert=_encrypt_cert)
             except KeyError:
                 # Can live with no relay state
                 return self.do(_dict["SAMLRequest"], binding)
@@ -151,7 +153,7 @@ def response(self, binding, http_args):
             resp = Response(http_args["data"], headers=http_args["headers"])
         return resp(self.environ, self.start_response)
 
-    def do(self, query, binding, relay_state=""):
+    def do(self, query, binding, relay_state="", encrypt_cert=None):
         pass
 
     def redirect(self):
@@ -277,7 +279,7 @@ def verify_request(self, query, binding):
 
         return resp_args, _resp
 
-    def do(self, query, binding_in, relay_state=""):
+    def do(self, query, binding_in, relay_state="", encrypt_cert=None):
         try:
             resp_args, _resp = self.verify_request(query, binding_in)
         except UnknownPrincipal, excp:
@@ -297,13 +299,10 @@ def do(self, query, binding_in, relay_state=""):
             if REPOZE_ID_EQUIVALENT:
                 identity[REPOZE_ID_EQUIVALENT] = self.user
             try:
-                sign_assertion = IDP.config.getattr("sign_assertion", "idp")
-                if sign_assertion is None:
-                    sign_assertion = False
                 _resp = IDP.create_authn_response(
                     identity, userid=self.user,
-                    authn=AUTHN_BROKER[self.environ["idp.authn_ref"]], sign_assertion=sign_assertion,
-                    sign_response=False, **resp_args)
+                    authn=AUTHN_BROKER[self.environ["idp.authn_ref"]], sign_response=False, encrypt_cert=encrypt_cert,
+                    **resp_args)
             except Exception, excp:
                 logging.error(exception_trace(excp))
                 resp = ServiceError("Exception: %s" % (excp,))
@@ -537,7 +536,7 @@ def not_found(environ, start_response):
 #    return subject, sp_entity_id
 
 class SLO(Service):
-    def do(self, request, binding, relay_state=""):
+    def do(self, request, binding, relay_state="", encrypt_cert=None):
         logger.info("--- Single Log Out Service ---")
         try:
             _, body = request.split("\n")
@@ -589,7 +588,7 @@ def do(self, request, binding, relay_state=""):
 
 class NMI(Service):
 
-    def do(self, query, binding, relay_state=""):
+    def do(self, query, binding, relay_state="", encrypt_cert=None):
         logger.info("--- Manage Name ID Service ---")
         req = IDP.parse_manage_name_id_request(query, binding)
         request = req.message
@@ -617,7 +616,7 @@ def do(self, query, binding, relay_state=""):
 
 # Only URI binding
 class AIDR(Service):
-    def do(self, aid, binding, relay_state=""):
+    def do(self, aid, binding, relay_state="", encrypt_cert=None):
         logger.info("--- Assertion ID Service ---")
 
         try:
@@ -646,7 +645,7 @@ def operation(self, _dict, binding, **kwargs):
 # ----------------------------------------------------------------------------
 
 class ARS(Service):
-    def do(self, request, binding, relay_state=""):
+    def do(self, request, binding, relay_state="", encrypt_cert=None):
         _req = IDP.parse_artifact_resolve(request, binding)
 
         msg = IDP.create_artifact_response(_req, _req.artifact.text)
@@ -664,7 +663,7 @@ def do(self, request, binding, relay_state=""):
 
 # Only SOAP binding
 class AQS(Service):
-    def do(self, request, binding, relay_state=""):
+    def do(self, request, binding, relay_state="", encrypt_cert=None):
         logger.info("--- Authn Query Service ---")
         _req = IDP.parse_authn_query(request, binding)
         _query = _req.message
@@ -688,7 +687,7 @@ def do(self, request, binding, relay_state=""):
 
 # Only SOAP binding
 class ATTR(Service):
-    def do(self, request, binding, relay_state=""):
+    def do(self, request, binding, relay_state="", encrypt_cert=None):
         logger.info("--- Attribute Query Service ---")
 
         _req = IDP.parse_attribute_query(request, binding)
@@ -721,7 +720,7 @@ def do(self, request, binding, relay_state=""):
 
 
 class NIM(Service):
-    def do(self, query, binding, relay_state=""):
+    def do(self, query, binding, relay_state="", encrypt_cert=None):
         req = IDP.parse_name_id_mapping_request(query, binding)
         request = req.message
         # Do the necessary stuff
 
@@ -1,44 +1,130 @@
+import uuid
 from saml2 import BINDING_HTTP_REDIRECT
+import saml2
+from saml2.cert import OpenSSLWrapper
+from saml2.extension.idpdisc import BINDING_DISCO
 from saml2.saml import NAME_FORMAT_URI
+#from saml2.sigver import CertHandlerExtra
+from saml2.entity_category.edugain import COC
+from saml2.entity_category.swamid import RESEARCH_AND_EDUCATION
+from saml2.entity_category.swamid import HEI
+from saml2.entity_category.swamid import SFS_1993_1153
+from saml2.entity_category.swamid import NREN
+from saml2.entity_category.swamid import EU
 
+
+#BASE= "http://130.239.200.146:8087"
 BASE= "http://localhost:8087"
 #BASE= "http://lingon.catalogix.se:8087"
 
+"""
+class SpCertHandlerExtraClass(CertHandlerExtra):
+
+    def use_generate_cert_func(self):
+        return True
+
+    def generate_cert(self, generate_cert_info, ca_cert_string, ca_key_string):
+        print "Hello"
+        return (ca_cert_string, ca_key_string)
+
+    def use_validate_cert_func(self):
+        return False
+
+    def validate_cert(self, cert_str, ca_cert_string, ca_key_string):
+        pass
+"""
+
+def generate_cert():
+    sn = uuid.uuid4().urn
+    cert_info = {
+        "cn": "localhost",
+        "country_code": "se",
+        "state": "ac",
+        "city": "Umea",
+        "organization": "ITS",
+        "organization_unit": "DIRG"
+    }
+    osw = OpenSSLWrapper()
+    ca_cert_str = osw.read_str_from_file("/Users/haho0032/Develop/root_cert/localhost.ca.crt")
+    ca_key_str = osw.read_str_from_file("/Users/haho0032/Develop/root_cert/localhost.ca.key")
+    #ca_cert_str = osw.read_str_from_file("/Users/haho0032/Develop/githubFork/pysaml2/example/sp-repoze/pki/localhost.ca.crt")
+    #ca_key_str = osw.read_str_from_file("/Users/haho0032/Develop/githubFork/pysaml2/example/sp-repoze/pki/localhost.ca.key")
+    req_cert_str, req_key_str = osw.create_certificate(cert_info, request=True, sn=sn, key_length=2048)
+    cert_str = osw.create_cert_signed_certificate(ca_cert_str, ca_key_str, req_cert_str)
+    return cert_str, req_key_str
+
 CONFIG = {
-    "entityid": "%s/sp.xml" % BASE,
-    "description": "My SP",
+    "entityid": "%s/LocalTestSPHans.xml" % BASE,
+    "description": "Lokal test SP Hans",
+    "entity_category": [COC, RESEARCH_AND_EDUCATION, HEI, SFS_1993_1153, NREN, EU],
+    "generate_cert_func": generate_cert,
+    #Information needed for generated cert (NO CERT) solution.
+    #"only_use_keys_in_metadata": False,
+    #"cert_handler_extra_class": None,#MyCertGeneration(),
+    #"generate_cert_info": {
+    #    "cn": "localhost",
+    #    "country_code": "se",
+    #    "state": "ac",
+    #    "city": "Umea",
+    #    "organization": "ITS Umea University",
+    #    "organization_unit": "DIRG"
+    #},
+    #"tmp_key_file": "pki/tmp_mykey.pem",
+    #"tmp_cert_file": "pki/tmp_mycert.pem",
+    #"validate_certificate": True,
+    #############################################################
     "service": {
         "sp": {
-            "name": "Rolands SP",
+            #Information needed for generated cert (NO CERT) solution.
+            "authn_requests_signed": "true", #Will sign the request!
+            "want_assertions_signed": "false", #Demands that the assertion is signed.
+            "allow_unsolicited": "true", #Allows the message not to be ment for this sp.
+            #############################################################
+            "name": "LocalTestSPHans",
             "endpoints": {
                 "assertion_consumer_service": [BASE],
                 "single_logout_service": [(BASE + "/slo",
                                             BINDING_HTTP_REDIRECT)],
+                "discovery_response": [
+                    ("%s/disco" % BASE, BINDING_DISCO)
+                ]
             },
             "required_attributes": ["surname", "givenname",
                                     "edupersonaffiliation"],
             "optional_attributes": ["title"],
         }
     },
     "debug": 1,
+    #Information needed for generated cert (NO CERT) solution.
     "key_file": "pki/mykey.pem",
     "cert_file": "pki/mycert.pem",
+    #############################################################
     "attribute_map_dir": "./attributemaps",
-    "metadata": {"local": ["../idp2/idp.xml"]},
+    "metadata": {
+        #"local": ["../idp2/idp_nocert.xml"],
+        #"local": ["/Users/haho0032/Develop/svn/trunk/pyOpSamlProxy/idp_nocert.xml"],
+
+        #Information needed for generated cert (NO CERT) solution.
+        #"local": ["/Users/haho0032/Develop/github/IdProxy/idp_nocert.xml"],
+        "local": ["/Users/haho0032/Develop/github/IdProxy/idp.xml"],
+        #"local": ["../idp2/idp.xml"],
+        #############################################################
+
+        #"local": ["/Users/haho0032/Develop/github/IdProxy/idp.xml"],
+    #    #"remote": [{"url": "http://130.239.201.5/role/idp.xml", "cert": None}],
+
+    },
+
+
     # -- below used by make_metadata --
     "organization": {
-        "name": "Exempel AB",
-        "display_name": [("Exempel AB", "se"), ("Example Co.", "en")],
-        "url": "http://www.example.com/roland",
+        "name": "Lokal test SP Hans",
+        "display_name": [("Lokal test SP Hans", "se"), ("Lokal test SP Hans", "en")],
+        "url": "http://130.239.200.146:8087",
     },
-    "contact_person": [{
-        "given_name":"John",
-        "sur_name": "Smith",
-        "email_address": ["[email protected]"],
-        "contact_type": "technical",
-        },
+    "contact_person": [
     ],
-    #"xmlsec_binary":"/opt/local/bin/xmlsec1",
+    "xmlsec_binary": '/usr/local/bin/xmlsec1',
     "name_form": NAME_FORMAT_URI,
     "logger": {
         "rotating": {
@@ -49,3 +135,4 @@
         "loglevel": "debug",
     }
 }
+