Univention Bugzilla – Attachment 9032 Details for Bug 44704: SAML IdP certificate not accessible on UCS 4.2
24_download_certificate (text/plain), 1.65 KB, created by Jürn Brodersen on 2017-07-14 15:19:50 CEST
#!/usr/share/ucs-test/runner python
## desc: Download certificate
## tags: [saml]
## exposure: safe

import urllib2
import re
from univention.config_registry import ConfigRegistry
from univention.testing.utils import fail


def extract_base64_certificate_from_cert(certificate):
    # Strip newlines so the PEM body becomes one continuous base64 string
    certificate = certificate.replace("\n", "")
    base64_cert = re.search('.*-----BEGIN CERTIFICATE-----(?P<base64>.*)-----END CERTIFICATE-----.*', certificate).group('base64')
    return base64_cert


def extract_base64_certificate_from_metadata(metadata):
    # Strip newlines so the <ds:X509Certificate> content is comparable to the PEM body
    metadata = metadata.replace("\n", "")
    base64_cert = re.search('.*<ds:X509Certificate>(?P<base64>.*)</ds:X509Certificate>.*', metadata).group('base64')
    return base64_cert


if __name__ == '__main__':
    ucr = ConfigRegistry()
    ucr.load()

    metadata_url = ucr['saml/idp/entityID']
    if metadata_url is None:
        fail('The ucr key saml/idp/entityID is not set')
    # The certificate is served next to the metadata endpoint
    cert_url = metadata_url.replace('metadata.php', 'certificate')

    res = []

    # read at least five times because ucs-sso is an alias for different IPs
    for i in range(0, 5):
        print '%d: Query cert for %r' % (i, cert_url)
        response = urllib2.urlopen(cert_url)
        cert = response.read()
        if not cert:
            fail('Empty response')
        print cert
        res.append(cert)

    # Every backend behind the alias must return the same certificate
    for i in range(0, 4):
        if res[i] != res[i + 1]:
            fail('Certificate is different: %d and %d' % (i, i + 1))

    print("Compare certificate with metadata")
    # The downloaded certificate must match the one published in the IdP metadata
    base64_cert = extract_base64_certificate_from_cert(cert)
    response = urllib2.urlopen(metadata_url)
    metadata = response.read()
    if extract_base64_certificate_from_metadata(metadata) != base64_cert:
        fail('Certificate is different from the certificate in the metadata')
    print("Certificate OK")
Attachments on bug 44704: 9029 | 9032