import re
import os
import lasso
from quixote import get_publisher, get_request
from qommon.misc import get_abs_path
from hosts import Host
def get_root_url():
    """Return the application root URL for the current request.

    The result is ``scheme://server`` followed by the request's SCRIPT_NAME,
    so it points at the mount point of this application rather than at the
    page being served.

    NOTE(review): the server part comes straight from ``req.get_server()``;
    if that is derived from the Host header upstream, the root URL is only as
    trustworthy as the web server's host validation — confirm against the
    deployment.
    """
    request = get_request()
    scheme = request.get_scheme()
    server = request.get_server()
    script_name = request.environ['SCRIPT_NAME']
    return '%s://%s%s' % (scheme, server, script_name)
def get_proxied_site_path():
    """Return the site directory of the host matched from the current URL.

    Returns None when ``Host.get_host_from_url()`` finds no matching host,
    which callers use as "no proxied site for this request".
    """
    matched_host = Host.get_host_from_url()
    if matched_host is not None:
        return matched_host.site_dir
    return None
def get_proxied_site_domain():
    """Return the server name of the current request without any ``:port`` suffix."""
    server_name = get_request().get_server()
    # Only the part before the first ':' is the domain; anything after is the port.
    return server_name.split(':', 1)[0]
def get_identity_provider_config():
    """Return ``(metadata_path, public_key_path, ca_cert_chain_path)`` for the configured IdP.

    The publisher configuration is reloaded on every call before it is read.
    When no ``'idp'`` entry is configured the result is ``(None, None, None)``.

    For a configured IdP the files live under ``<abs idp dir>/<cfg['idp']>/``:
    ``metadata.xml`` is returned unconditionally (its existence is not checked
    here), while ``public_key`` and ``ca_cert_chain.pem`` are reported only when
    the file exists and are None otherwise.

    NOTE(review): ``cfg['idp']`` is joined into the path as-is. It is
    administrator configuration, but a value containing ``..`` or an absolute
    path would resolve outside the idp directory — worth validating where the
    setting is written.
    """
    publisher = get_publisher()
    publisher.reload_cfg()
    idps_dir = get_abs_path('idp')
    cfg = publisher.cfg
    if 'idp' not in cfg:
        return None, None, None

    idp_dir = os.path.join(idps_dir, cfg['idp'])

    def optional_file(filename):
        # Path of an optional IdP file, or None when it is not present.
        candidate = os.path.join(idp_dir, filename)
        if os.path.isfile(candidate):
            return candidate
        return None

    metadata_path = os.path.join(idp_dir, 'metadata.xml')
    public_key_path = optional_file('public_key')
    ca_cert_chain_path = optional_file('ca_cert_chain.pem')
    return metadata_path, public_key_path, ca_cert_chain_path
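def get_lasso_server(protocol='liberty'):
    """Build a ``lasso.Server`` for the proxied site and register the configured IdP.

    Args:
        protocol: ``'liberty'`` (SP metadata ``metadata.xml``) or ``'saml2'``
            (SP metadata ``saml2_metadata.xml``). Both use
            ``private_key.pem`` from the proxied site directory.

    Returns:
        The server with the IdP added, or None when there is no proxied site
        for the request, or when lasso reports
        ``SERVER_ERROR_ADD_PROVIDER_PROTOCOL_MISMATCH`` /
        ``SERVER_ERROR_ADD_PROVIDER_FAILED`` while adding the IdP. When no IdP
        metadata is configured the server is returned without any provider.

    Raises:
        ValueError: for an unknown ``protocol``.
        lasso.Error: any other error raised by ``addProvider()``.
    """
    proxied_site_path = get_proxied_site_path()
    if proxied_site_path is None:
        return None

    # SP metadata file per supported protocol.
    sp_metadata_files = {
        'liberty': 'metadata.xml',
        'saml2': 'saml2_metadata.xml',
    }
    if protocol not in sp_metadata_files:
        # Was `raise 'Unknown protocol'`: a bare string is not a valid
        # exception object on Python 2.6+ (TypeError at the raise) and could
        # not be caught by type by any caller.
        raise ValueError('Unknown protocol')
    server = lasso.Server(
        os.path.join(proxied_site_path, sp_metadata_files[protocol]),
        os.path.join(proxied_site_path, 'private_key.pem'),
        None, None)

    metadata_path, public_key_path, ca_cert_chain_path = get_identity_provider_config()
    if metadata_path:
        try:
            # public_key_path / ca_cert_chain_path are None when the files are
            # absent, so the IdP is then registered with only what its
            # metadata carries. NOTE(review): confirm that lasso still enforces
            # signature verification of IdP messages in that configuration.
            server.addProvider(
                lasso.PROVIDER_ROLE_IDP,
                metadata_path,
                public_key_path,
                ca_cert_chain_path)
        except lasso.Error as error:
            unusable_idp = (
                lasso.SERVER_ERROR_ADD_PROVIDER_PROTOCOL_MISMATCH,
                lasso.SERVER_ERROR_ADD_PROVIDER_FAILED,
            )
            if error[0] in unusable_idp:
                return None
            raise

    return server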
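def get_provider_label(provider):
    """Return a human-readable label for a lasso provider.

    Preference order: the first ``OrganizationDisplayName`` element found in
    ``provider.getOrganization()``, then the first ``OrganizationName``, then
    ``provider.providerId``. Returns None for a falsy ``provider``; falls back
    to ``providerId`` when the provider has no ``getOrganization`` method or
    it returns nothing.

    The label is taken verbatim from provider-supplied metadata, so callers
    rendering it as HTML must escape it.
    """
    if not provider:
        return None
    if not hasattr(provider, str('getOrganization')):
        return provider.providerId

    organization = provider.getOrganization()
    if not organization:
        return provider.providerId

    # `[^>]*` rather than a greedy `.*` in the start tag: with several
    # elements on one line (e.g. one per xml:lang) the greedy form backtracked
    # to the last one and returned the wrong name.
    for tag in ('OrganizationDisplayName', 'OrganizationName'):
        names = re.findall(r'<%s[^>]*>(.*?)</%s>' % (tag, tag), organization)
        if names:
            return names[0]
    return provider.providerId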
def get_current_protocol():
    """Return the protocol conformance lasso reports for the configured IdP.

    Returns None when no IdP metadata is configured or when lasso cannot load
    the metadata into a ``lasso.Provider``. Errors from
    ``getProtocolConformance()`` itself are not caught and propagate.
    """
    metadata_path, public_key_path, _ca_cert_chain_path = get_identity_provider_config()
    if not metadata_path:
        return None
    try:
        idp = lasso.Provider(lasso.PROVIDER_ROLE_IDP, metadata_path, public_key_path, None)
    except lasso.Error:
        return None
    return idp.getProtocolConformance()