Merge pull request #8 from IdentityPython/master

pysaml2 updates

Author: peppelinux

docs/install.rst

@@ -25,6 +25,10 @@ You also need xmlsec1 which you can download from http://www.aleksey.com/xmlsec/
 
 If you're on macOS, you can get xmlsec1 installed from MacPorts or Fink.
 
+If you're on rhel/centos 7 you will need to install xmlsec1 and xmlsec1-openssl::
+
+    yum install xmlsec1 xmlsec1-openssl
+
 Depending on how you are going to use PySAML2 you might also need
 
 * Mako

src/saml2/httpbase.py

@@ -196,7 +196,7 @@ def set_cookie(self, kaka, request):
                 std_attr["domain"] = _domain
                 std_attr["domain_specified"] = True
 
-            if morsel["max-age"] is 0:
+            if morsel["max-age"] == 0:
                 try:
                     self.cookiejar.clear(domain=std_attr["domain"],
                                          path=std_attr["path"],

src/saml2/response.py

@@ -212,10 +212,8 @@ def for_me(conditions, myself):
             if audience.text.strip() == myself:
                 return True
             else:
-                # print("Not for me: %s != %s" % (audience.text.strip(),
-                # myself))
-                pass
-
+                logger.debug("AudienceRestriction - One condition not satisfied: %s != %s" % (audience.text.strip(), myself))
+    logger.debug("AudienceRestrictions not satisfied!")
     return False
 
 
@@ -613,7 +611,7 @@ def condition_ok(self, lax=False):
 
         if not for_me(conditions, self.entity_id):
             if not lax:
-                raise Exception("Not for me!!!")
+                raise Exception("AudienceRestrictions conditions not satisfied! (Local entity_id=%s)" % self.entity_id)
 
         if conditions.condition:  # extra conditions
             for cond in conditions.condition:

src/saml2/s2repoze/plugins/sp.py

@@ -670,7 +670,7 @@ def make_plugin(
     discovery="",
     idp_query_param="",
 ):
-    if saml_conf is "":
+    if saml_conf == "":
         raise ValueError("must include saml_conf in configuration")
 
     if remember_name is None:

src/saml2/saml.py

@@ -256,7 +256,7 @@ def _wrong_type_value(xsd, value):
 
         xsd_ns, xsd_type = (
             ['', type(None)] if xsd_string is None
-            else ['', ''] if xsd_string is ''
+            else ['', ''] if xsd_string == ''
             else [
                 XSD if xsd_string in xsd_types_props else '',
                 xsd_string

src/saml2/sigver.py

@@ -450,7 +450,7 @@ def extract_rsa_key_from_x509_cert(pem):
 
 
 def pem_format(key):
-    return '\n'.join([
+    return os.linesep.join([
         '-----BEGIN CERTIFICATE-----',
         key,
         '-----END CERTIFICATE-----'

src/saml2/soap.py

@@ -159,7 +159,7 @@ def parse_soap_enveloped_saml_thingy(text, expected_tags):
 
 import re
 
-NS_AND_TAG = re.compile("\{([^}]+)\}(.*)")
+NS_AND_TAG = re.compile(r"\{([^}]+)\}(.*)")
 
 
 def instanciate_class(item, modules):

src/saml2/time_util.py

@@ -18,7 +18,7 @@
 
 TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
 TIME_FORMAT_WITH_FRAGMENT = re.compile(
-    "^(\d{4,4}-\d{2,2}-\d{2,2}T\d{2,2}:\d{2,2}:\d{2,2})(\.\d*)?Z?$")
+    r"^(\d{4,4}-\d{2,2}-\d{2,2}T\d{2,2}:\d{2,2}:\d{2,2})(\.\d*)?Z?$")
 
 # ---------------------------------------------------------------------------
 # I'm sure this is implemented somewhere else can't find it now though, so I

src/saml2/validate.py

@@ -41,7 +41,7 @@ class ToEarly(Exception):
 # --------------------- validators -------------------------------------
 #
 
-NCNAME = re.compile("(?P<NCName>[a-zA-Z_](\w|[_.-])*)")
+NCNAME = re.compile(r"(?P<NCName>[a-zA-Z_](\w|[_.-])*)")
 
 
 def valid_ncname(name):
@@ -436,7 +436,7 @@ def valid_instance(instance):
 
 def valid_domain_name(dns_name):
     m = re.match(
-        "^[a-z0-9]+([-.]{ 1 }[a-z0-9]+).[a-z]{2,5}(:[0-9]{1,5})?(\/.)?$",
+        r"^[a-z0-9]+([-.]{ 1 }[a-z0-9]+).[a-z]{2,5}(:[0-9]{1,5})?(\/.)?$",
         dns_name, re.I)
     if not m:
         raise ValueError("Not a proper domain name")

tests/metadata.aaitest.xml

@@ -7,7 +7,7 @@
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                     ID="AAITest-20140205105921"
                     Name="urn:mace:switch.ch:aaitest"
-                    validUntil="2020-02-10T09:59:21Z"
+                    validUntil="2999-02-10T09:59:21Z"
                     xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 shibboleth-metadata-1.0.xsd http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd">
     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:SignedInfo>
@@ -135,9 +135,9 @@
         </ds:KeyInfo>
     </ds:Signature>
     <!--
-		This metadata file is generated for the AAI Test federation, 
+		This metadata file is generated for the AAI Test federation,
 		which is for development and testing purposes only!
-		Use at your own risk. SWITCH won't take responsibility 
+		Use at your own risk. SWITCH won't take responsibility
 		for the data included in this file.
 -->
     <Extensions>