|
| 1 | +#!/usr/bin/env python |
| 2 | +from saml2.md import EntitiesDescriptor |
| 3 | +from saml2.sigver import _get_xmlsec_cryptobackend, SecurityContext |
| 4 | +from saml2.httpbase import HTTPBase |
| 5 | + |
| 6 | +from saml2 import saml |
| 7 | +from saml2 import md |
| 8 | +from saml2.attribute_converter import ac_factory |
| 9 | +from saml2.extension import dri |
| 10 | +from saml2.extension import idpdisc |
| 11 | +from saml2.extension import mdattr |
| 12 | +from saml2.extension import mdrpi |
| 13 | +from saml2.extension import mdui |
| 14 | +from saml2.extension import shibmd |
| 15 | +from saml2.extension import ui |
| 16 | +import xmldsig |
| 17 | +import xmlenc |
| 18 | + |
| 19 | +import argparse |
| 20 | + |
| 21 | +from saml2.mdstore import MetaDataFile, MetaDataExtern |
| 22 | + |
| 23 | +__author__ = 'rolandh' |
| 24 | + |
| 25 | +""" |
| 26 | +A script that imports and verifies metadata. |
| 27 | +""" |
| 28 | + |
| 29 | + |
| 30 | +ONTS = { |
| 31 | + saml.NAMESPACE: saml, |
| 32 | + mdui.NAMESPACE: mdui, |
| 33 | + mdattr.NAMESPACE: mdattr, |
| 34 | + mdrpi.NAMESPACE: mdrpi, |
| 35 | + dri.NAMESPACE: dri, |
| 36 | + ui.NAMESPACE: ui, |
| 37 | + idpdisc.NAMESPACE: idpdisc, |
| 38 | + md.NAMESPACE: md, |
| 39 | + xmldsig.NAMESPACE: xmldsig, |
| 40 | + xmlenc.NAMESPACE: xmlenc, |
| 41 | + shibmd.NAMESPACE: shibmd |
| 42 | +} |
| 43 | + |
| 44 | + |
| 45 | +parser = argparse.ArgumentParser() |
| 46 | +parser.add_argument('-a', dest='attrsmap') |
| 47 | +parser.add_argument('-o', dest='output', default="local") |
| 48 | +parser.add_argument('-x', dest='xmlsec') |
| 49 | +parser.add_argument('-i', dest='ignore_valid', action='store_true') |
| 50 | +parser.add_argument(dest="conf") |
| 51 | +args = parser.parse_args() |
| 52 | + |
| 53 | +metad = None |
| 54 | + |
| 55 | +output = EntitiesDescriptor() |
| 56 | + |
| 57 | +# config file format |
| 58 | +# local <local file name> |
| 59 | +# external <url> <local file name for certificate use to verify signature> |
| 60 | + |
| 61 | +for line in open(args.conf).readlines(): |
| 62 | + line = line.strip() |
| 63 | + if line[0] == "#": |
| 64 | + continue |
| 65 | + spec = line.split(" ") |
| 66 | + |
| 67 | + if args.ignore_valid: |
| 68 | + kwargs = {"check_validity": False} |
| 69 | + else: |
| 70 | + kwargs = {} |
| 71 | + |
| 72 | + if spec[0] == "local": |
| 73 | + metad = MetaDataFile(ONTS.values(), spec[1], spec[1], **kwargs) |
| 74 | + elif spec[0] == "remote": |
| 75 | + ATTRCONV = ac_factory(args.attrsmap) |
| 76 | + httpc = HTTPBase() |
| 77 | + crypto = _get_xmlsec_cryptobackend(args.xmlsec) |
| 78 | + sc = SecurityContext(crypto, key_type="", cert_type="") |
| 79 | + metad = MetaDataExtern(ONTS.values(), ATTRCONV, spec[1], |
| 80 | + sc, cert=spec[2], http=httpc, **kwargs) |
| 81 | + |
| 82 | + if metad: |
| 83 | + try: |
| 84 | + metad.load() |
| 85 | + except: |
| 86 | + raise |
| 87 | + |
| 88 | + output.entity_descriptor.extend(metad.entities_descr.entity_descriptor) |
| 89 | + |
| 90 | +print output |
| 91 | + |
| 92 | + |
| 93 | + |
0 commit comments