Added extension schema for the PE_FIM use case and a test of the same. More about PE-FIM here http://arxiv.org/abs/1401.4726

Roland Hedberg · Roland Hedberg · commit cbb0c8ebd6f2 · 2014-03-12T15:00:35.000+01:00
diff --git a/src/saml2/extension/pefim.py b/src/saml2/extension/pefim.py
@@ -0,0 +1,66 @@
+#!/usr/bin/env python
+
+import saml2
+from saml2 import SamlBase
+from xmldsig import X509Data
+
+NAMESPACE = 'urn:net:eustix:names:tc:PEFIM:0.0:assertion'
+
+
+class SPCertEncType_(SamlBase):
+    """The urn:net:eustix:names:tc:PEFIM:0.0:assertion:SPCertEncType element """
+
+    c_tag = 'SPCertEncType'
+    c_namespace = NAMESPACE
+    c_children = SamlBase.c_children.copy()
+    c_attributes = SamlBase.c_attributes.copy()
+    c_child_order = SamlBase.c_child_order[:]
+    c_cardinality = SamlBase.c_cardinality.copy()
+    c_children['{http://www.w3.org/2000/09/xmldsig#}X509Data'] = ('x509_data',
+                                                                  [X509Data])
+
+    def __init__(self,
+                 x509_data=None,
+                 text=None,
+                 extension_elements=None,
+                 extension_attributes=None):
+        SamlBase.__init__(self,
+                          text=text,
+                          extension_elements=extension_elements,
+                          extension_attributes=extension_attributes)
+        self.x509_data = x509_data
+
+
+def spcertenc_type__from_string(xml_string):
+    return saml2.create_class_from_xml_string(SPCertEncType_, xml_string)
+
+
+class SPCertEnc(SPCertEncType_):
+    """The urn:net:eustix:names:tc:PEFIM:0.0:assertion:SPCertEnc element """
+
+    c_tag = 'SPCertEnc'
+    c_namespace = NAMESPACE
+    c_children = SPCertEncType_.c_children.copy()
+    c_attributes = SPCertEncType_.c_attributes.copy()
+    c_child_order = SPCertEncType_.c_child_order[:]
+    c_cardinality = SPCertEncType_.c_cardinality.copy()
+
+
+def spcertenc_from_string(xml_string):
+    return saml2.create_class_from_xml_string(SPCertEnc, xml_string)
+
+
+ELEMENT_FROM_STRING = {
+    SPCertEnc.c_tag: spcertenc_from_string,
+    SPCertEncType_.c_tag: spcertenc_type__from_string,
+}
+
+ELEMENT_BY_TAG = {
+    'SPCertEnc': SPCertEnc,
+    'SPCertEncType': SPCertEncType_,
+}
+
+
+def factory(tag, **kwargs):
+    return ELEMENT_BY_TAG[tag](**kwargs)
+
diff --git a/tests/test_82_pefim.py b/tests/test_82_pefim.py
@@ -0,0 +1,51 @@
+import xmldsig as ds
+from saml2 import config
+from saml2 import extension_elements_to_elements
+from saml2 import element_to_extension_element
+from saml2 import saml
+from saml2.client import Saml2Client
+from saml2.extension import pefim
+from saml2.extension.pefim import SPCertEnc
+from saml2.samlp import Extensions
+from saml2.samlp import authn_request_from_string
+from saml2.sigver import read_cert_from_file
+
+__author__ = 'roland'
+
+conf = config.SPConfig()
+conf.load_file("server_conf")
+client = Saml2Client(conf)
+
+# place a certificate in an authn request
+cert = read_cert_from_file("test.pem", "pem")
+
+spcertenc = SPCertEnc(
+    x509_data=ds.X509Data(
+        x509_certificate=ds.X509Certificate(text=cert)))
+
+extensions = Extensions(
+    extension_elements=[element_to_extension_element(spcertenc)])
+
+req = client.create_authn_request(
+    "http://www.example.com/sso",
+    "urn:mace:example.com:it:tek",
+    nameid_format=saml.NAMEID_FORMAT_PERSISTENT,
+    message_id="666",
+    extensions=extensions)
+
+
+print req
+
+# Get a certificate from an authn request
+
+xml = "%s" % req
+
+parsed = authn_request_from_string(xml)
+
+_elem = extension_elements_to_elements(parsed.extensions.extension_elements,
+                                       [pefim, ds])
+
+assert len(_elem) == 1
+_spcertenc = _elem[0]
+_cert = _spcertenc.x509_data[0].x509_certificate.text
+assert cert == _cert
