1#!/usr/bin/env python 2from saml2.sigver import _get_xmlsec_cryptobackend, SecurityContext 3from saml2.httpbase import HTTPBase 4from saml2.attribute_converter import ac_factory 5import argparse 6 7from saml2.mdstore import MetaDataFile, MetaDataExtern, MetadataStore 8 9__author__ = 'rolandh' 10 11""" 12A script that imports and verifies metadata. 13""" 14 15parser = argparse.ArgumentParser() 16parser.add_argument('-a', dest='attrsmap') 17parser.add_argument('-o', dest='output', default="local") 18parser.add_argument('-x', dest='xmlsec') 19parser.add_argument('-i', dest='ignore_valid', action='store_true') 20parser.add_argument(dest="conf") 21args = parser.parse_args() 22 23metad = None 24 25# config file format 26# 27# local <local file name> 28# remote <url> <local file name for certificate use to verify signature> 29# 30# for instance 31# 32#local metadata_sp_1.xml 33#local InCommon-metadata.xml 34#remote https://kalmar2.org/simplesaml/module.php/aggregator/?id=kalmarcentral2&set=saml2 kalmar2.pem 35# 36 37ATTRCONV = ac_factory(args.attrsmap) 38 39mds = MetadataStore(None, None) 40 41for line in open(args.conf).readlines(): 42 line = line.strip() 43 if len(line) == 0: 44 continue 45 elif line[0] == "#": 46 continue 47 spec = line.split(" ") 48 49 if args.ignore_valid: 50 kwargs = {"check_validity": False} 51 else: 52 kwargs = {} 53 54 if spec[0] == "local": 55 metad = MetaDataFile(spec[1], spec[1], **kwargs) 56 elif spec[0] == "remote": 57 ATTRCONV = ac_factory(args.attrsmap) 58 httpc = HTTPBase() 59 crypto = _get_xmlsec_cryptobackend(args.xmlsec) 60 sc = SecurityContext(crypto, key_type="", cert_type="") 61 metad = MetaDataExtern(ATTRCONV, spec[1], sc, cert=spec[2], http=httpc, 62 **kwargs) 63 64 if metad is not None: 65 try: 66 metad.load() 67 except: 68 raise 69 70 mds.metadata[spec[1]] = metad 71 72print(mds.dumps(args.output)) 73 74 75