Merge remote-tracking branch 'upstream/master'

Author: Hans Hörberg

setup.py

@@ -42,6 +42,7 @@ def run_tests(self):
     'python-memcached >= 1.51',
     'pytest',
     'mako',
+    'webob',
     #'pytest-coverage',
 ]
 

src/idp_test/__init__.py

@@ -6,6 +6,7 @@
 import types
 import argparse
 import sys
+import six
 
 import logging
 import imp
@@ -356,7 +357,7 @@ def list_operations(self):
             item = {"id": key, "name": val["name"]}
             try:
                 _desc = val["descr"]
-                if isinstance(_desc, basestring):
+                if isinstance(_desc, six.string_types):
                     item["descr"] = _desc
                 else:
                     item["descr"] = "\n".join(_desc)
@@ -377,7 +378,7 @@ def list_operations(self):
                 item = {"id": key, "name": val["name"]}
                 try:
                     _desc = val["descr"]
-                    if isinstance(_desc, basestring):
+                    if isinstance(_desc, six.string_types):
                         item["descr"] = _desc
                     else:
                         item["descr"] = "\n".join(_desc)

src/idp_test/interaction.py

@@ -2,6 +2,7 @@
 
 import json
 import logging
+import six
 
 from urlparse import urlparse
 from bs4 import BeautifulSoup
@@ -34,7 +35,8 @@ def pick_interaction(interactions, _base="", content="", req=None):
                     _match += 1
                 else:
                     _c = _bs.title.contents
-                    if isinstance(_c, list) and not isinstance(_c, basestring):
+                    if isinstance(_c, list) and not isinstance(
+                      _c, six.string_types):
                         for _line in _c:
                             if val in _line:
                                 _match += 1
@@ -165,7 +167,7 @@ def pick_form(response, url=None, **kwargs):
                         _default = _ava["value"]
                         try:
                             orig_val = form[prop]
-                            if isinstance(orig_val, basestring):
+                            if isinstance(orig_val, six.string_types):
                                 if orig_val == _default:
                                     _form = form
                             elif _default in orig_val:

src/idp_test/package/authn_request.py

@@ -30,20 +30,20 @@ def pre_processing(self, message, args):
         return message
 
 OPERATIONS = {
-    'authn_unkown-issuer': {
+    'authn_unknown-issuer': {
         "name": 'AuthnRequest with unknown issuer',
         "descr": 'AuthnRequest with unknown issuer',
         "sequence": [AuthnRequest_UnknownIssuer],
         "depends": ['authn'],
         "tests": {"pre": [CheckSaml2IntMetaData],
                   "post": [CheckSaml2IntAttributes]}
     },
-    'authn_unkown-extension': {
+    'authn_unknown-extension': {
         "name": 'AuthnRequest with unknown extension',
         "descr": 'AuthnRequest with unknown extension',
         "sequence": [AuthnRequest_UnknownExtension],
         "depends": ['authn'],
         "tests": {"pre": [CheckSaml2IntMetaData],
                   "post": [CheckSaml2IntAttributes]}
     },
-}
+}

src/saml2/__init__.py

@@ -675,7 +675,11 @@ def to_string(self, nspair=None):
         return ElementTree.tostring(self._to_element_tree(), encoding="UTF-8")
 
     def __str__(self):
-        return self.to_string()
+        # Yes this is confusing. http://bugs.python.org/issue10942
+        x = self.to_string()
+        if not isinstance(x, six.string_types):
+            x = x.decode('utf-8')
+        return x
 
     def keyswv(self):
         """ Return the keys of attributes or children that has values

src/saml2/assertion.py

@@ -6,7 +6,7 @@
 import re
 from saml2.saml import NAME_FORMAT_URI
 import six
-import xmlenc
+from saml2 import xmlenc
 
 from saml2 import saml
 

src/saml2/cert.py

@@ -4,6 +4,7 @@
 import datetime
 import dateutil.parser
 import pytz
+import six
 from OpenSSL import crypto
 from os.path import join
 from os import remove
@@ -154,10 +155,13 @@ def create_certificate(self, cert_info, request=False, valid_from=0,
                 tmp_cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
             tmp_key = None
             if cipher_passphrase is not None:
+                passphrase = cipher_passphrase["passphrase"]
+                if isinstance(cipher_passphrase["passphrase"],
+                              six.string_types):
+                    passphrase = passphrase.encode('utf-8')
                 tmp_key = crypto.dump_privatekey(crypto.FILETYPE_PEM, k,
                                                  cipher_passphrase["cipher"],
-                                                 cipher_passphrase[
-                                                     "passphrase"])
+                                                 passphrase)
             else:
                 tmp_key = crypto.dump_privatekey(crypto.FILETYPE_PEM, k)
             if write_to_file:
@@ -190,7 +194,7 @@ def write_str_to_file(self, file, str_data):
         f.close()
 
     def read_str_from_file(self, file, type="pem"):
-        f = open(file)
+        f = open(file, 'rt')
         str_data = f.read()
         f.close()
 
@@ -257,7 +261,10 @@ def create_cert_signed_certificate(self, sign_cert_str, sign_key_str,
         cert.set_pubkey(req_cert.get_pubkey())
         cert.sign(ca_key, hash_alg)
 
-        return crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
+        cert_dump = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
+        if isinstance(cert_dump, six.string_types):
+            return cert_dump
+        return cert_dump.decode('utf-8')
 
     def verify_chain(self, cert_chain_str_list, cert_str):
         """
@@ -327,6 +334,8 @@ def verify(self, signing_cert_str, cert_str):
                                "signed certificate.")
 
             cert_algorithm = cert.get_signature_algorithm()
+            if six.PY3:
+                cert_algorithm = cert_algorithm.decode('ascii')
 
             cert_asn1 = crypto.dump_certificate(crypto.FILETYPE_ASN1, cert)
 
@@ -342,7 +351,9 @@ def verify(self, signing_cert_str, cert_str):
 
             signature_payload = cert_signature_decoded.payload
 
-            if signature_payload[0] != '\x00':
+            sig_pay0 = signature_payload[0]
+            if ((isinstance(sig_pay0, int) and sig_pay0 != 0) or
+                (isinstance(sig_pay0, str) and sig_pay0 != '\x00')):
                 return (False,
                        "The certificate should not contain any unused bits.")
 
@@ -355,4 +366,4 @@ def verify(self, signing_cert_str, cert_str):
             except crypto.Error as e:
                 return False, "Certificate is incorrectly signed."
         except Exception as e:
-            return False, "Certificate is not valid for an unknown reason."
+            return False, "Certificate is not valid for an unknown reason. %s" % str(e)

src/saml2/client_base.py

@@ -6,8 +6,8 @@
 to conclude its tasks.
 """
 import threading
-from urllib import urlencode
-from urlparse import urlparse
+from six.moves.urllib.parse import urlencode
+from six.moves.urllib.parse import urlparse
 import six
 
 from saml2.entity import Entity
@@ -25,7 +25,7 @@
 import time
 from saml2.soap import make_soap_enveloped_saml_thingy
 
-from urlparse import parse_qs
+from six.moves.urllib.parse import parse_qs
 
 from saml2.s_utils import signature, UnravelError, exception_trace
 from saml2.s_utils import do_attributes

src/saml2/config.py

@@ -8,6 +8,7 @@
 import re
 import logging
 import logging.handlers
+import six
 
 from importlib import import_module
 
@@ -300,7 +301,7 @@ def load_complex(self, cnf, typ="", metadata_construction=False):
 
     def unicode_convert(self, item):
         try:
-            return unicode(item, "utf-8")
+            return six.text_type(item, "utf-8")
         except TypeError:
             _uc = self.unicode_convert
             if isinstance(item, dict):

src/saml2/entity.py

@@ -5,6 +5,7 @@
 from hashlib import sha1
 from Crypto.PublicKey import RSA
 import requests
+import six
 from saml2.metadata import ENDPOINTS
 from saml2.profile import paos, ecp
 from saml2.soap import parse_soap_enveloped_saml_artifact_resolve
@@ -157,7 +158,7 @@ def __init__(self, entity_type, config=None, config_file="",
         self.sec = security_context(self.config)
 
         if virtual_organization:
-            if isinstance(virtual_organization, basestring):
+            if isinstance(virtual_organization, six.string_types):
                 self.vorg = self.config.vorg[virtual_organization]
             elif isinstance(virtual_organization, VirtualOrg):
                 self.vorg = virtual_organization
@@ -282,7 +283,7 @@ def pick_binding(self, service, bindings=None, descr_type="", request=None,
         #logger.error("Bindings: %s" % bindings)
         #logger.error("Entities: %s" % self.metadata)
 
-        raise SAMLError("Unkown entity or unsupported bindings")
+        raise SAMLError("Unknown entity or unsupported bindings")
 
     def message_args(self, message_id=0):
         if not message_id: