Added algsupport

Author: Roland Hedberg

src/saml2/algsupport.py

@@ -0,0 +1,76 @@
+from subprocess import Popen, PIPE
+from saml2.sigver import get_xmlsec_binary
+from saml2.extension.algsupport import SigningMethod
+from saml2.extension.algsupport import DigestMethod
+
+__author__ = 'roland'
+
+DIGEST_METHODS = {
+    "hmac-md5": 'http://www.w3.org/2001/04/xmldsig-more#md5', # test framework only!
+    "hmac-sha1": 'http://www.w3.org/2000/09/xmldsig#sha1',
+    "hmac-sha224": 'http://www.w3.org/2001/04/xmldsig-more#sha224',
+    "hmac-sha256": 'http://www.w3.org/2001/04/xmlenc#sha256',
+    "hmac-sha384": 'http://www.w3.org/2001/04/xmldsig-more#sha384',
+    "hmac-sha512": 'http://www.w3.org/2001/04/xmlenc#sha512',
+    "hmac-ripemd160": 'http://www.w3.org/2001/04/xmlenc#ripemd160'
+}
+
+SIGNING_METHODS = {
+    "rsa-md5": 'http://www.w3.org/2001/04/xmldsig-more#rsa-md5',
+    "rsa-ripemd160": 'http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160',
+    "rsa-sha1": 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
+    "rsa-sha224": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha224',
+    "rsa-sha256": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
+    "rsa-sha384": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384',
+    "rsa-sha512": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
+    "dsa-sha1": 'http,//www.w3.org/2000/09/xmldsig#dsa-sha1',
+    'dsa-sha256': 'http://www.w3.org/2009/xmldsig11#dsa-sha256',
+    'ecdsa_sha1': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha1',
+    'ecdsa_sha224': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha224',
+    'ecdsa_sha256': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha256',
+    'ecdsa_sha384': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha384',
+    'ecdsa_sha512': 'http://www.w3.org/2001/04/xmldsig-more#ECDSA_sha512',
+}
+
+
+def get_algorithm_support(xmlsec):
+    com_list = [xmlsec, '--list-transforms']
+    pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
+
+    p_out = pof.stdout.read().decode('utf-8')
+    p_err = pof.stderr.read().decode('utf-8')
+
+    if not p_err:
+        p = p_out.split('\n')
+        algs = [x.strip('"') for x in p[1].split(',')]
+        digest = []
+        signing = []
+        for alg in algs:
+            if alg in DIGEST_METHODS:
+                digest.append(alg)
+            elif alg in SIGNING_METHODS:
+                signing.append(alg)
+
+        return {"digest": digest, "signing": signing}
+
+    raise SystemError(p_err)
+
+
+def algorithm_support_in_metadata(xmlsec):
+    if xmlsec is None:
+        return []
+
+    support = get_algorithm_support(xmlsec)
+    element_list = []
+    for alg in support["digest"]:
+        element_list.append(DigestMethod(algorithm=DIGEST_METHODS[alg]))
+    for alg in support["signing"]:
+        element_list.append(SigningMethod(algorithm=SIGNING_METHODS[alg]))
+    return element_list
+
+if __name__ == '__main__':
+    xmlsec = get_xmlsec_binary()
+    res = get_algorithm_support(xmlsec)
+    print(res)
+    for a in algorithm_support_in_metadata(xmlsec):
+        print(a)

tests/server2_conf.py

@@ -1,46 +1,47 @@
 from pathutils import full_path
 
 CONFIG = {
-    "entityid" : "urn:mace:example.com:saml:roland:sp",
-    "name" : "urn:mace:example.com:saml:roland:sp",
+    "entityid": "urn:mace:example.com:saml:roland:sp",
+    "name": "urn:mace:example.com:saml:roland:sp",
     "description": "My own SP",
     "service": {
         "sp": {
-            "endpoints":{
-                "assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
+            "endpoints": {
+                "assertion_consumer_service": [
+                    "http://lingon.catalogix.se:8087/"],
             },
             "required_attributes": ["surName", "givenName", "mail"],
             "optional_attributes": ["title"],
-            "idp":["urn:mace:example.com:saml:roland:idp"],
+            "idp": ["urn:mace:example.com:saml:roland:idp"],
             "subject_data": "subject_data.db",
         }
     },
-    "debug" : 1,
-    "key_file" : full_path("test.key"),
-    "cert_file" : full_path("test.pem"),
-    "xmlsec_binary" : None,
+    "debug": 1,
+    "key_file": full_path("test.key"),
+    "cert_file": full_path("test.pem"),
+    "xmlsec_binary": None,
     "metadata": {
         "local": [full_path("idp_soap.xml"), full_path("vo_metadata.xml")],
     },
-    "virtual_organization" : {
-        "urn:mace:example.com:it:tek":{
-            "nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
+    "virtual_organization": {
+        "urn:mace:example.com:it:tek": {
+            "nameid_format": "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
             "common_identifier": "umuselin",
         }
     },
     "accepted_time_diff": 60,
-    "attribute_map_dir" : full_path("attributemaps"),
+    "attribute_map_dir": full_path("attributemaps"),
     "organization": {
         "name": ("AB Exempel", "se"),
         "display_name": ("AB Exempel", "se"),
         "url": "http://www.example.org",
     },
     "contact_person": [{
-            "given_name": "Roland",
-            "sur_name": "Hedberg",
-            "telephone_number": "+46 70 100 0000",
-            "email_address": ["[email protected]", "[email protected]"],
-            "contact_type": "technical"
-        },
+        "given_name": "Roland",
+        "sur_name": "Hedberg",
+        "telephone_number": "+46 70 100 0000",
+        "email_address": ["[email protected]", "[email protected]"],
+        "contact_type": "technical"
+    },
     ]
 }

tests/sp_mdext_conf.py

@@ -1,4 +1,4 @@
-from pathutils import full_path
+from pathutils import full_path, xmlsec_path
 
 CONFIG = {
     "entityid": "urn:mace:example.com:saml:roland:sp",
@@ -38,7 +38,7 @@
     "debug": 1,
     "key_file": full_path("test.key"),
     "cert_file": full_path("test.pem"),
-    "xmlsec_binary": None,
+    "xmlsec_binary": xmlsec_path,
     "metadata": {
         "local": [full_path("idp_2.xml")],
     },

tests/test_83_md_extensions.py

@@ -12,3 +12,6 @@
 
 assert ed.spsso_descriptor.extensions
 assert len(ed.spsso_descriptor.extensions.extension_elements) == 3
+
+assert ed.extensions
+assert len(ed.extensions.extension_elements) > 1