Merge remote-tracking branch 'upstream/master'

Author: Hans Hörberg

doc/conf.py

@@ -45,9 +45,9 @@
 # built documents.
 #
 # The short X.Y version.
-version = '0.4'
+version = '1.2'
 # The full version, including alpha/beta/rc tags.
-release = '0.4.2'
+release = '1.2.0beta'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

doc/install.rst

@@ -10,8 +10,8 @@ Install PySAML2
 ---------------
 
 For all this to work you need to have Python installed. 
-The development has been done using 2.6.
-There is no 3.X version yet.
+The development has been done using 2.7.
+There is now a 3.X version.
 
 Prerequisites
 ^^^^^^^^^^^^^
@@ -21,19 +21,17 @@ if it's recent enough, or if the Python is too old you have to install it,
 for instance by getting it from the Python Package Instance by using 
 easy_install.
 
-You also need xmlsec which you can download from http://www.aleksey.com/xmlsec/
+You also need xmlsec1 which you can download from http://www.aleksey.com/xmlsec/
 
-If you're on OS X you can get xmlsec installed from MacPorts or Fink.
+If you're on OS X you can get xmlsec1 installed from MacPorts or Fink.
 
 Depending on how you are going to use PySAML2 you might also need
 
 * Mako
 * pyASN1
-* repoze.who (make sure you get 1.0.16 and not 2.0)
-* decorator
+* repoze.who
 * python-memcache
 * memcached
-* M2Crypto
 
 Quick build instructions
 ^^^^^^^^^^^^^^^^^^^^^^^^
@@ -44,6 +42,10 @@ Once you have installed all the necessary prerequisites a simple::
 
 will install the basic code.
 
+Note for rhel/centos 6: cffi depends on libffi-devel, and cryptography on openssl-devel to compile
+So you might want first to do:
+yum install libffi-devel openssl-devel
+
 After this you ought to be able to run the tests without an hitch.
 The tests are based on the pypy test environment, so::
 

setup.py

@@ -45,7 +45,8 @@ def run_tests(self):
     'repoze.who',
     'pycrypto',  # 'Crypto'
     'pytz',
-    'pyOpenSSL'
+    'pyOpenSSL',
+    'python-dateutil'
 ]
 
 tests_require = [

src/saml2/__init__.py

@@ -444,13 +444,12 @@ class SamlBase(ExtensionContainer):
     c_children = {}
     c_attributes = {}
     c_attribute_type = {}
-    #c_attribute_use = {}
-    #c_attribute_required = {}
     c_child_order = []
     c_cardinality = {}
     c_any = None
     c_any_attribute = None
     c_value_type = None
+    c_ns_prefix = None
 
     def _get_all_c_children_with_order(self):
         if len(self.c_child_order) > 0:
@@ -549,6 +548,9 @@ def to_string(self, nspair=None):
             constructing the text representation.
         :return: String representation of the object
         """
+        if not nspair and self.c_ns_prefix:
+            nspair = self.c_ns_prefix
+
         if nspair:
             for prefix, uri in nspair.items():
                 try:

src/saml2/attributemaps/saml_uri.py

@@ -7,7 +7,7 @@
 UCL_DIR_PILOT = 'urn:oid:0.9.2342.19200300.100.1.'
 PKCS_9 = "urn:oid:1.2.840.113549.1.9.1."
 UMICH = "urn:oid:1.3.6.1.4.1.250.1.57."
-SCHAC = "urn:oid:1.3.6.1.4.1.25178.2."
+SCHAC = "urn:oid:1.3.6.1.4.1.25178.1.2."
 
 #urn:oid:1.3.6.1.4.1.1466.115.121.1.26
 

src/saml2/client.py

@@ -254,12 +254,6 @@ def handle_logout_response(self, response):
                                   status["reason"], status["not_on_or_after"],
                                   status["sign"])
 
-    # ========================================================================
-    # MUST use SOAP for
-    # AssertionIDRequest, SubjectQuery, AuthnQuery, AttributeQuery or
-    # AuthzDecisionQuery
-    # ========================================================================
-
     def _use_soap(self, destination, query_type, **kwargs):
         _create_func = getattr(self, "create_%s" % query_type)
         _response_func = getattr(self, "parse_%s_response" % query_type)
@@ -432,13 +426,14 @@ def handle_logout_request(self, request, name_id, binding, sign=False,
         :param sign: Whether the response will be signed or not
         :return: Keyword arguments which can be used to send the response
             what's returned follow different patterns for different bindings.
-            If the binding is BINDIND_SOAP, what is returned looks like this:
-            {
-                "data": <the SOAP enveloped response>
-                "url": "",
-                'headers': [('content-type', 'application/soap+xml')]
-                'method': "POST
-            }
+            If the binding is BINDIND_SOAP, what is returned looks like this::
+
+                {
+                    "data": <the SOAP enveloped response>
+                    "url": "",
+                    'headers': [('content-type', 'application/soap+xml')]
+                    'method': "POST
+                }
         """
         logger.info("logout request: %s" % request)
 

src/saml2/config.py

@@ -70,7 +70,8 @@
     "verify_encrypt_cert",
     "tmp_cert_file",
     "tmp_key_file",
-    "validate_certificate"
+    "validate_certificate",
+    "extensions"
 ]
 
 SP_ARGS = [
@@ -219,6 +220,7 @@ def __init__(self, homedir="."):
         self.tmp_cert_file = None
         self.tmp_key_file = None
         self.validate_certificate = None
+        self.extensions = {}
 
     def setattr(self, context, attr, val):
         if context == "":
@@ -337,6 +339,9 @@ def load(self, cnf, metadata_construction=False):
                 except KeyError:
                     pass
 
+        if "extensions" in cnf:
+            self.do_extensions(cnf["extensions"])
+
         self.load_complex(cnf, metadata_construction=metadata_construction)
         self.context = self.def_context
 
@@ -480,6 +485,11 @@ def endpoint2service(self, endpoint, context=None):
 
         return None, None
 
+    def do_extensions(self, extensions):
+        for key, val in extensions.items():
+            self.extensions[key] = val
+
+
 class SPConfig(Config):
     def_context = "sp"
 

src/saml2/entity_category/incommon.py

@@ -1,10 +1,11 @@
 __author__ = 'rolandh'
 
-INC = "http://id.incommon.org/category/research-and-scholarship"
+RESEARCH_AND_SCHOLARSHIP = "http://id.incommon.org/category/research-and-scholarship"
 
 RELEASE = {
     "": ["eduPersonTargetedID"],
-    INC: ["eduPersonPrincipalName", "eduPersonScopedAffiliation", "mail",
-          "givenName", "sn", "displayName"]
+    RESEARCH_AND_SCHOLARSHIP: ["eduPersonPrincipalName",
+                               "eduPersonScopedAffiliation", "mail",
+                               "givenName", "sn", "displayName"]
 }
 

src/saml2/entity_category/refeds.py

@@ -0,0 +1,11 @@
+__author__ = 'rolandh'
+
+RESEARCH_AND_SCHOLARSHIP = "http://refeds.org/category/research-and-scholarship"
+
+RELEASE = {
+    "": ["eduPersonTargetedID"],
+    RESEARCH_AND_SCHOLARSHIP: ["eduPersonPrincipalName",
+                               "eduPersonScopedAffiliation", "mail",
+                               "givenName", "sn", "displayName"]
+}
+

src/saml2/entity_category/swamid.py

@@ -2,7 +2,7 @@
 
 
 NAME = ["givenName", "displayName", "sn"]
-STATIC_ORG_INFO = ["c", "o", "co"]
+STATIC_ORG_INFO = ["c", "o", "co", "norEduOrgAcronym", "schacHomeOrganization"]
 OTHER = ["eduPersonPrincipalName", "eduPersonScopedAffiliation", "mail"]
 
 # These give you access to information