# -*- coding: utf-8 -*-

""" OneLogin_Saml2_Constants class

Copyright (c) 2010-2021 OneLogin, Inc.
MIT License

Constants class of OneLogin's Python Toolkit.

"""


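class OneLogin_Saml2_Constants(object):
    """
    Namespace of constant values shared across OneLogin's Python Toolkit.

    Groups the SAML 2.0, XML-DSig and XML-Enc identifier URIs (NameID
    formats, attribute name formats, bindings, authentication context
    classes, subject confirmation methods, status codes, digest, signature
    and encryption algorithms), the XML namespace URIs with their prefixes,
    and the clock-drift allowance.

    Every member is a plain class attribute. The URI strings are identifiers
    defined by external specifications: do not normalise their case, fragment
    or trailing slash.
    """

    # Value added to the current time in time condition validations.
    # NOTE(review): presumably seconds (300 = 5 minutes) -- confirm against the
    # validation code. The larger this value, the longer a message outside its
    # stated validity window is still accepted, so keep it as small as the
    # clock synchronisation between IdP and SP allows.
    ALLOWED_CLOCK_DRIFT = 300

    # NameID Formats
    NAMEID_EMAIL_ADDRESS = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
    NAMEID_X509_SUBJECT_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName'
    NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName'
    NAMEID_UNSPECIFIED = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'
    NAMEID_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos'
    NAMEID_ENTITY = 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
    NAMEID_TRANSIENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
    NAMEID_PERSISTENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
    NAMEID_ENCRYPTED = 'urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted'

    # Attribute Name Formats
    ATTRNAME_FORMAT_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified'
    ATTRNAME_FORMAT_URI = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
    ATTRNAME_FORMAT_BASIC = 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'

    # Namespaces
    NS_SAML = 'urn:oasis:names:tc:SAML:2.0:assertion'
    NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol'
    NS_SOAP = 'http://schemas.xmlsoap.org/soap/envelope/'
    NS_MD = 'urn:oasis:names:tc:SAML:2.0:metadata'
    NS_XS = 'http://www.w3.org/2001/XMLSchema'
    NS_XSI = 'http://www.w3.org/2001/XMLSchema-instance'
    NS_XENC = 'http://www.w3.org/2001/04/xmlenc#'
    NS_DS = 'http://www.w3.org/2000/09/xmldsig#'

    # Namespace Prefixes
    NS_PREFIX_SAML = 'saml'
    NS_PREFIX_SAMLP = 'samlp'
    NS_PREFIX_MD = 'md'
    NS_PREFIX_XS = 'xs'
    NS_PREFIX_XSI = 'xsi'
    NS_PREFIX_XSD = 'xsd'
    NS_PREFIX_XENC = 'xenc'
    NS_PREFIX_DS = 'ds'

    # Prefix:Namespace Mappings
    # Only these five prefixes are mapped. NS_PREFIX_XS, NS_PREFIX_XSI and
    # NS_PREFIX_XSD are defined above but are not part of this dictionary, and
    # no namespace constant in this class is paired with NS_PREFIX_XSD.
    NSMAP = {
        NS_PREFIX_SAMLP: NS_SAMLP,
        NS_PREFIX_SAML: NS_SAML,
        NS_PREFIX_DS: NS_DS,
        NS_PREFIX_XENC: NS_XENC,
        NS_PREFIX_MD: NS_MD
    }

    # Bindings
    BINDING_HTTP_POST = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
    BINDING_HTTP_REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
    BINDING_HTTP_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact'
    BINDING_SOAP = 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP'
    BINDING_DEFLATE = 'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE'

    # Auth Context Class
    AC_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified'
    AC_PASSWORD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
    AC_PASSWORD_PROTECTED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
    AC_X509 = 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'
    AC_SMARTCARD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard'
    AC_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos'

    # Subject Confirmation
    # With the bearer method, holding the assertion is the only proof of
    # entitlement, so the recipient, audience, validity-window and replay
    # checks performed by the consumer carry the security of the exchange.
    CM_BEARER = 'urn:oasis:names:tc:SAML:2.0:cm:bearer'
    CM_HOLDER_KEY = 'urn:oasis:names:tc:SAML:2.0:cm:holder-of-key'
    CM_SENDER_VOUCHES = 'urn:oasis:names:tc:SAML:2.0:cm:sender-vouches'

    # Status Codes
    STATUS_SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success'
    STATUS_REQUESTER = 'urn:oasis:names:tc:SAML:2.0:status:Requester'
    STATUS_RESPONDER = 'urn:oasis:names:tc:SAML:2.0:status:Responder'
    STATUS_VERSION_MISMATCH = 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch'
    STATUS_NO_PASSIVE = 'urn:oasis:names:tc:SAML:2.0:status:NoPassive'
    STATUS_PARTIAL_LOGOUT = 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout'
    STATUS_PROXY_COUNT_EXCEEDED = 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded'

    # Sign & Crypto
    # Digest algorithm identifiers. SHA-256 and SHA-512 sit under xmlenc# while
    # SHA-384 sits under xmldsig-more#; that mix is how the specifications
    # assign the URIs, not a typo to be "fixed".
    # SHA-1 has practical collision attacks and is listed for interoperability
    # with legacy peers; prefer SHA256 or stronger when choosing a digest.
    SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1'
    SHA256 = 'http://www.w3.org/2001/04/xmlenc#sha256'
    SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#sha384'
    SHA512 = 'http://www.w3.org/2001/04/xmlenc#sha512'

    # Signature algorithm identifiers. DSA_SHA1 and RSA_SHA1 inherit the SHA-1
    # weakness noted above.
    # NOTE(review): whether incoming messages signed with the SHA-1 variants
    # can be rejected by configuration is not visible from this class --
    # verify in the settings / validation code.
    DSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1'
    RSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
    RSA_SHA256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
    RSA_SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'
    RSA_SHA512 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'

    # Enc
    # All four block-cipher identifiers are CBC modes, which XML Encryption
    # applies without integrity protection; ciphertext authenticity therefore
    # depends on a verified signature covering the encrypted content. This
    # class defines no AEAD (e.g. AES-GCM) identifier.
    # TRIPLEDES_CBC relies on a 64-bit block cipher and is a legacy choice.
    TRIPLEDES_CBC = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'
    AES128_CBC = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc'
    AES192_CBC = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc'
    AES256_CBC = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
    # Key transport. RSA_1_5 is PKCS#1 v1.5 padding, which is exposed to
    # padding-oracle attacks when decryption failures are distinguishable to
    # the sender; RSA_OAEP_MGF1P is the preferred identifier of the two.
    RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'
    RSA_OAEP_MGF1P = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p'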