utils.py

Code Check Report


app/lib/onelogin/saml2/utils.py:150:121: E501 line too long (126 > 120 characters)
app/lib/onelogin/saml2/utils.py:177:121: E501 line too long (134 > 120 characters)
app/lib/onelogin/saml2/utils.py:183:121: E501 line too long (142 > 120 characters)
app/lib/onelogin/saml2/utils.py:396:29: W605 invalid escape sequence '\.'
app/lib/onelogin/saml2/utils.py:410:68: W605 invalid escape sequence '\.'
app/lib/onelogin/saml2/utils.py:621:121: E501 line too long (122 > 120 characters)
app/lib/onelogin/saml2/utils.py:655:121: E501 line too long (122 > 120 characters)
app/lib/onelogin/saml2/utils.py:657:121: E501 line too long (140 > 120 characters)
app/lib/onelogin/saml2/utils.py:701:121: E501 line too long (144 > 120 characters)
app/lib/onelogin/saml2/utils.py:793:121: E501 line too long (141 > 120 characters)
app/lib/onelogin/saml2/utils.py:843:121: E501 line too long (163 > 120 characters)
app/lib/onelogin/saml2/utils.py:850:121: E501 line too long (165 > 120 characters)
app/lib/onelogin/saml2/utils.py:864:121: E501 line too long (121 > 120 characters)
app/lib/onelogin/saml2/utils.py:902:121: E501 line too long (121 > 120 characters)
app/lib/onelogin/saml2/utils.py:903:121: E501 line too long (122 > 120 characters)
app/lib/onelogin/saml2/utils.py:908:121: E501 line too long (156 > 120 characters)
app/lib/onelogin/saml2/utils.py:915:121: E501 line too long (134 > 120 characters)
app/lib/onelogin/saml2/utils.py:944:121: E501 line too long (137 > 120 characters)
app/lib/onelogin/saml2/utils.py:949:121: E501 line too long (131 > 120 characters)
app/lib/onelogin/saml2/utils.py:1013:121: E501 line too long (123 > 120 characters)
                        

Documentation drawn from source code

OneLogin_Saml2_Utils class

Copyright (c) 2010-2018 OneLogin, Inc.
MIT License

Auxiliary class of OneLogin's Python Toolkit.


return_false_on_exception(func):

Decorator. When applied to a function, it will, by default, suppress any exceptions
raised by that function and return False. It may be overridden by passing a
"raise_exceptions" keyword argument when calling the wrapped function.

exceptfalse(*args, **kwargs):

OneLogin_Saml2_Utils(object):


Auxiliary class that contains several utility methods to parse time,
urls, add sign, encrypt, decrypt, sign validation, handle xml ...


escape_url(url, lowercase_urlencoding=False):

Escapes the non-safe symbols in a URL.
The encoding used by ADFS 3.0 is not compatible with
Python's quote_plus (ADFS produces lowercase hex digits and quote_plus produces
uppercase hex digits).
:param url: the url to escape
:type url: str

:param lowercase_urlencoding: whether to produce lowercase hex digits
:type lowercase_urlencoding: boolean

:return: the escaped url
:rtype: str
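
Why the hex case matters, as an added example that is not the toolkit's own code: a Redirect-binding signature covers the percent-encoded query string byte for byte, so a receiver that re-encodes the decoded parameters must reproduce the sender's hex case or the signed string will not match. `escape_url_sketch`, `rebuild_signed_query`, `matches_wire` and the `WIRE_QUERY` sample are hypothetical names and constructed data.

```python
import re
from urllib.parse import parse_qsl, quote_plus

# Constructed sample: a signed Redirect-binding query as a sender that emits
# lowercase percent-escapes would put it on the wire.
WIRE_QUERY = (
    "SAMLResponse=fZFBa%2bMwEIX%2fitA9lu3Y%3d"
    "&RelayState=https%3a%2f%2fsp.example.test%2fhome"
    "&SigAlg=http%3a%2f%2fwww.w3.org%2f2001%2f04%2fxmldsig-more%23rsa-sha256"
)

# quote_plus() always emits uppercase hex and encodes a literal '%' as %25,
# so every %XX in its output is a real escape that is safe to lowercase.
_ESCAPE = re.compile(r"%[0-9A-F]{2}")


def escape_url_sketch(url, lowercase_urlencoding=False):
    """Percent-encode url; optionally lowercase the hex digits of each escape."""
    encoded = quote_plus(url)
    if lowercase_urlencoding:
        encoded = _ESCAPE.sub(lambda m: m.group(0).lower(), encoded)
    return encoded


def rebuild_signed_query(decoded_params, lowercase_urlencoding=False):
    """Rebuild the string the signature covers from already-decoded parameters.

    The SAML HTTP-Redirect binding fixes the order: the message, then
    RelayState (if present), then SigAlg.
    """
    order = ("SAMLRequest", "SAMLResponse", "RelayState", "SigAlg")
    return "&".join(
        f"{name}={escape_url_sketch(decoded_params[name], lowercase_urlencoding)}"
        for name in order
        if name in decoded_params
    )


def matches_wire(lowercase_urlencoding):
    """True when the rebuilt string is byte-identical to what was signed."""
    decoded = dict(parse_qsl(WIRE_QUERY))  # what a web framework hands the SP
    return rebuild_signed_query(decoded, lowercase_urlencoding) == WIRE_QUERY
```

With the uppercase default the rebuilt string differs from the wire bytes only in hex case, which is enough for a correct signature to fail verification.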

b64encode(data):
base64 encode

b64decode(data):
base64 decode

decode_base64_and_inflate(value, ignore_zip=False):

base64 decodes and then inflates according to RFC1951
:param value: a deflated and encoded string
:type value: string
:param ignore_zip: ignore zip errors
:returns: the string after decoding and inflating
:rtype: string

deflate_and_base64_encode(value):

Deflates and then base64 encodes a string
:param value: The string to deflate and encode
:type value: string
:returns: The deflated and encoded string
:rtype: string
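
The RFC 1951 round trip described by the two functions above, as an added example that is not the toolkit's own code. The `_sketch` function names, the fallback behaviour chosen for `ignore_zip` (return the base64-decoded text when inflating fails) and the `MAX_INFLATED` output cap are assumptions of this example.

```python
import base64
import zlib

MAX_INFLATED = 1 << 20  # assumed 1 MiB cap on inflated output, not a toolkit value


def deflate_and_base64_encode_sketch(value):
    """Raw DEFLATE (RFC 1951) then base64. Negative wbits selects the raw
    format: no zlib header and no Adler-32 trailer."""
    comp = zlib.compressobj(wbits=-15)
    raw = comp.compress(value.encode("utf-8")) + comp.flush()
    return base64.b64encode(raw).decode("ascii")


def decode_base64_and_inflate_sketch(value, ignore_zip=False):
    """Base64-decode, then inflate a raw DEFLATE stream with bounded output.

    With ignore_zip=True a payload that is not a valid DEFLATE stream is
    returned as decoded text instead of raising (assumed semantics).
    """
    decoded = base64.b64decode(value)
    inflater = zlib.decompressobj(wbits=-15)
    try:
        inflated = inflater.decompress(decoded, MAX_INFLATED)
        if inflater.unconsumed_tail:
            # Input is left over because the output limit was reached.
            raise ValueError("inflated message exceeds MAX_INFLATED")
        if not inflater.eof:
            raise zlib.error("truncated DEFLATE stream")
    except zlib.error:
        if not ignore_zip:
            raise
        return decoded.decode("utf-8")
    return inflated.decode("utf-8")
```

The size check is raised as `ValueError` so that `ignore_zip` cannot be used to wave through an oversized message.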

format_cert(cert, heads=True):

Returns an x509 cert (adding header & footer if required).

:param cert: An x509 unformatted cert
:type: string

:param heads: True if we want to include head and footer
:type: boolean

:returns: Formatted cert
:rtype: string

format_private_key(key, heads=True):

Returns a private key (adding header & footer if required).

:param key: A private key
:type: string

:param heads: True if we want to include head and footer
:type: boolean

:returns: Formatted private key
:rtype: string

redirect(url, parameters={}, request_data={}):

Executes a redirection to the provided url (or return the target url).

:param url: The target url
:type: string

:param parameters: Extra parameters to be passed as part of the url
:type: dict

:param request_data: The request as a dict
:type: dict

:returns: Url
:rtype: string

get_self_url_host(request_data):

Returns the protocol + the current host + the port (if different than
common ports).

:param request_data: The request as a dict
:type: dict

:return: Url
:rtype: string

get_self_host(request_data):

Returns the current host.

:param request_data: The request as a dict
:type: dict

:return: The current host
:rtype: string

is_https(request_data):

Checks if https or http.

:param request_data: The request as a dict
:type: dict

:return: False if https is not active
:rtype: boolean

get_self_url_no_query(request_data):

Returns the URL of the current host + current view.

:param request_data: The request as a dict
:type: dict

:return: The url of current host + current view
:rtype: string

get_self_routed_url_no_query(request_data):

Returns the routed URL of the current host + current view.

:param request_data: The request as a dict
:type: dict

:return: The url of current host + current view
:rtype: string

get_self_url(request_data):

Returns the URL of the current host + current view + query.

:param request_data: The request as a dict
:type: dict

:return: The url of current host + current view + query
:rtype: string

generate_unique_id():

Generates a unique string (used for example as ID for assertions).

:return: A unique string
:rtype: string

parse_time_to_SAML(time):

Converts a UNIX timestamp to a SAML2 timestamp of the form
yyyy-mm-ddThh:mm:ss(\.s+)?Z.

:param time: The time we should convert (DateTime).
:type: string

:return: SAML2 timestamp.
:rtype: string

parse_SAML_to_time(timestr):

Converts a SAML2 timestamp of the form yyyy-mm-ddThh:mm:ss(\.s+)?Z
to a UNIX timestamp. The sub-second part is ignored.

:param timestr: The time we should convert (SAML Timestamp).
:type: string

:return: Converted to a unix timestamp.
:rtype: int

now():

:return: unix timestamp of the current time.
:rtype: int

parse_duration(duration, timestamp=None):

Interprets an ISO8601 duration value relative to a given timestamp.

:param duration: The duration, as a string.
:type: string

:param timestamp: The unix timestamp we should apply the duration to.
Optional, default to the current time.
:type: string

:return: The new timestamp, after the duration is applied.
:rtype: int

get_expire_time(cache_duration=None, valid_until=None):

Compares 2 dates and returns the earliest.

:param cache_duration: The duration, as a string.
:type: string

:param valid_until: The valid until date, as a string or as a timestamp
:type: string

:return: The expiration time.
:rtype: int

delete_local_session(callback=None):

Deletes the local session.

calculate_x509_fingerprint(x509_cert, alg='sha1'):

Calculates the fingerprint of a formatted x509cert.

:param x509_cert: x509 cert formatted
:type: string

:param alg: The algorithm to build the fingerprint
:type: string

:returns: fingerprint
:rtype: string

format_finger_print(fingerprint):

Formats a fingerprint.

:param fingerprint: fingerprint
:type: string

:returns: Formatted fingerprint
:rtype: string

generate_name_id(value, sp_nq, sp_format=None, cert=None, debug=False, nq=None):

Generates a nameID.

:param value: fingerprint
:type: string

:param sp_nq: SP Name Qualifier
:type: string

:param sp_format: SP Format
:type: string

:param cert: IdP Public Cert to encrypt the nameID
:type: string

:param debug: Activate the xmlsec debug
:type: bool

:returns: DOMElement | XMLSec nameID
:rtype: string

:param nq: IDP Name Qualifier
:type: string

get_status(dom):

Gets Status from a Response.

:param dom: The Response as XML
:type: Document

:returns: The Status, an array with the code and a message.
:rtype: dict

decrypt_element(encrypted_data, key, debug=False, inplace=False):

Decrypts an encrypted element.

:param encrypted_data: The encrypted data.
:type: lxml.etree.Element | DOMElement | basestring

:param key: The key.
:type: string

:param debug: Activate the xmlsec debug
:type: bool

:param inplace: update passed data with decrypted result
:type: bool

:returns: The decrypted element.
:rtype: lxml.etree.Element

add_sign(xml, key, cert, debug=False, sign_algorithm=OneLogin_Saml2_Constants.RSA_SHA1, digest_algorithm=OneLogin_Saml2_Constants.SHA1):

Adds signature key and senders certificate to an element (Message or
Assertion).

:param xml: The element we should sign
:type: string | Document

:param key: The private key
:type: string

:param cert: The public
:type: string

:param debug: Activate the xmlsec debug
:type: bool

:param sign_algorithm: Signature algorithm method
:type sign_algorithm: string

:param digest_algorithm: Digest algorithm method
:type digest_algorithm: string

:returns: Signed XML
:rtype: string

validate_sign(xml, cert=None, fingerprint=None, fingerprintalg='sha1', validatecert=False, debug=False, xpath=None, multicerts=None):

Validates a signature (Message or Assertion).

:param xml: The element we should validate
:type: string | Document

:param cert: The public cert
:type: string

:param fingerprint: The fingerprint of the public cert
:type: string

:param fingerprintalg: The algorithm used to build the fingerprint
:type: string

:param validatecert: If true, will verify the signature and if the cert is valid.
:type: bool

:param debug: Activate the xmlsec debug
:type: bool

:param xpath: The xpath of the signed element
:type: string

:param multicerts: Multiple public certs
:type: list

:param raise_exceptions: Whether to return false on failure or raise an exception
:type raise_exceptions: Boolean

validate_metadata_sign(xml, cert=None, fingerprint=None, fingerprintalg='sha1', validatecert=False, debug=False):

Validates a signature of an EntityDescriptor.

:param xml: The element we should validate
:type: string | Document

:param cert: The public cert
:type: string

:param fingerprint: The fingerprint of the public cert
:type: string

:param fingerprintalg: The algorithm used to build the fingerprint
:type: string

:param validatecert: If true, will verify the signature and if the cert is valid.
:type: bool

:param debug: Activate the xmlsec debug
:type: bool

:param raise_exceptions: Whether to return false on failure or raise an exception
:type raise_exceptions: Boolean

validate_node_sign(signature_node, elem, cert=None, fingerprint=None, fingerprintalg='sha1', validatecert=False, debug=False):

Validates a signature node.

:param signature_node: The signature node
:type: Node

:param xml: The element we should validate
:type: Document

:param cert: The public cert
:type: string

:param fingerprint: The fingerprint of the public cert
:type: string

:param fingerprintalg: The algorithm used to build the fingerprint
:type: string

:param validatecert: If true, will verify the signature and if the cert is valid.
:type: bool

:param debug: Activate the xmlsec debug
:type: bool

:param raise_exceptions: Whether to return false on failure or raise an exception
:type raise_exceptions: Boolean

sign_binary(msg, key, algorithm=xmlsec.Transform.RSA_SHA1, debug=False):

Sign binary message

:param msg: The element we should validate
:type: bytes

:param key: The private key
:type: string

:param debug: Activate the xmlsec debug
:type: bool

:return: signed message
:rtype: str

validate_binary_sign(signed_query, signature, cert=None, algorithm=OneLogin_Saml2_Constants.RSA_SHA1, debug=False):

Validates signed binary data (Used to validate GET Signature).

:param signed_query: The element we should validate
:type: string

:param signature: The signature that will be validated
:type: string

:param cert: The public cert
:type: string

:param algorithm: Signature algorithm
:type: string

:param debug: Activate the xmlsec debug
:type: bool

Source code