Changing private attributes to protected

serpulga · serpulga · commit 0a33cd640669 · 2015-05-14T11:53:54.000-05:00
diff --git a/src/onelogin/saml2/response.py b/src/onelogin/saml2/response.py
@@ -38,8 +38,8 @@ def __init__(self, settings, response):
         :param response: The base64 encoded, XML string containing the samlp:Response
         :type response: string
         """
-        self.__settings = settings
-        self.__error = None
+        self._settings = settings
+        self._error = None
         self.response = self.__class__.decode_response(response)
         self.document = fromstring(self.response)
         self.decrypted_document = None
@@ -68,8 +68,8 @@ def is_valid(self, request_data, response_id=None):
 
             return self.validate_response(request_data, response_id)
         except Exception as err:
-            self.__error = err.__str__()
-            debug = self.__settings.is_debug_active()
+            self._error = err.__str__()
+            debug = self._settings.is_debug_active()
             if debug:
                 print err.__str__()
             return False
@@ -103,7 +103,7 @@ def get_audiences(self):
         """
         audiences = []
 
-        audience_nodes = self.__query_assertion('/saml:Conditions/saml:AudienceRestriction/saml:Audience')
+        audience_nodes = self._query_assertion('/saml:Conditions/saml:AudienceRestriction/saml:Audience')
         for audience_node in audience_nodes:
             audiences.append(audience_node.text)
         return audiences
@@ -117,11 +117,11 @@ def get_issuers(self):
         """
         issuers = []
 
-        message_issuer_nodes = self.__query('/samlp:Response/saml:Issuer')
+        message_issuer_nodes = self._query('/samlp:Response/saml:Issuer')
         if message_issuer_nodes:
             issuers.append(message_issuer_nodes[0].text)
 
-        assertion_issuer_nodes = self.__query_assertion('/saml:Issuer')
+        assertion_issuer_nodes = self._query_assertion('/saml:Issuer')
         if assertion_issuer_nodes:
             issuers.append(assertion_issuer_nodes[0].text)
 
@@ -135,13 +135,13 @@ def get_nameid_data(self):
         :rtype: dict
         """
         nameid = None
-        encrypted_id_data_nodes = self.__query_assertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData')
+        encrypted_id_data_nodes = self._query_assertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData')
         if encrypted_id_data_nodes:
             encrypted_data = encrypted_id_data_nodes[0]
-            key = self.__settings.get_sp_key()
+            key = self._settings.get_sp_key()
             nameid = OneLogin_Saml2_Utils.decrypt_element(encrypted_data, key)
         else:
-            nameid_nodes = self.__query_assertion('/saml:Subject/saml:NameID')
+            nameid_nodes = self._query_assertion('/saml:Subject/saml:NameID')
             if nameid_nodes:
                 nameid = nameid_nodes[0]
         if nameid is None:
@@ -173,7 +173,7 @@ def get_session_not_on_or_after(self):
         :rtype: time|None
         """
         not_on_or_after = None
-        authn_statement_nodes = self.__query_assertion('/saml:AuthnStatement[@SessionNotOnOrAfter]')
+        authn_statement_nodes = self._query_assertion('/saml:AuthnStatement[@SessionNotOnOrAfter]')
         if authn_statement_nodes:
             not_on_or_after = OneLogin_Saml2_Utils.parse_SAML_to_time(authn_statement_nodes[0].get('SessionNotOnOrAfter'))
         return not_on_or_after
@@ -189,7 +189,7 @@ def get_session_index(self):
         :rtype: string|None
         """
         session_index = None
-        authn_statement_nodes = self.__query_assertion('/saml:AuthnStatement[@SessionIndex]')
+        authn_statement_nodes = self._query_assertion('/saml:AuthnStatement[@SessionIndex]')
         if authn_statement_nodes:
             session_index = authn_statement_nodes[0].get('SessionIndex')
         return session_index
@@ -200,7 +200,7 @@ def get_attributes(self):
         EncryptedAttributes are not supported
         """
         attributes = {}
-        attribute_nodes = self.__query_assertion('/saml:AttributeStatement/saml:Attribute')
+        attribute_nodes = self._query_assertion('/saml:AttributeStatement/saml:Attribute')
         for attribute_node in attribute_nodes:
             attr_name = attribute_node.get('Name')
             values = []
@@ -216,8 +216,8 @@ def validate_num_assertions(self):
         :returns: True if only 1 assertion encrypted or not
         :rtype: bool
         """
-        encrypted_assertion_nodes = self.__query('/samlp:Response/saml:EncryptedAssertion')
-        assertion_nodes = self.__query('/samlp:Response/saml:Assertion')
+        encrypted_assertion_nodes = self._query('/samlp:Response/saml:EncryptedAssertion')
+        assertion_nodes = self._query('/samlp:Response/saml:Assertion')
         return (len(encrypted_assertion_nodes) + len(assertion_nodes)) == 1
 
     def validate_timestamps(self):
@@ -227,7 +227,7 @@ def validate_timestamps(self):
         :returns: True if the condition is valid, False otherwise
         :rtype: bool
         """
-        conditions_nodes = self.__query_assertion('/saml:Conditions')
+        conditions_nodes = self._query_assertion('/saml:Conditions')
 
         for conditions_node in conditions_nodes:
             nb_attr = conditions_node.get('NotBefore')
@@ -238,7 +238,7 @@ def validate_timestamps(self):
                 return False
         return True
 
-    def __query_assertion(self, xpath_expr):
+    def _query_assertion(self, xpath_expr):
         """
         Extracts nodes that match the query from the Assertion
 
@@ -254,12 +254,12 @@ def __query_assertion(self, xpath_expr):
             assertion_expr = '/saml:Assertion'
         signature_expr = '/ds:Signature/ds:SignedInfo/ds:Reference'
         signed_assertion_query = '/samlp:Response' + assertion_expr + signature_expr
-        assertion_reference_nodes = self.__query(signed_assertion_query)
+        assertion_reference_nodes = self._query(signed_assertion_query)
 
         if not assertion_reference_nodes:
             # Check if the message is signed
             signed_message_query = '/samlp:Response' + signature_expr
-            message_reference_nodes = self.__query(signed_message_query)
+            message_reference_nodes = self._query(signed_message_query)
             if message_reference_nodes:
                 message_id = message_reference_nodes[0].get('URI')
                 final_query = "/samlp:Response[@ID='%s']/" % message_id[1:]
@@ -270,9 +270,9 @@ def __query_assertion(self, xpath_expr):
             assertion_id = assertion_reference_nodes[0].get('URI')
             final_query = '/samlp:Response' + assertion_expr + "[@ID='%s']" % assertion_id[1:]
         final_query += xpath_expr
-        return self.__query(final_query)
+        return self._query(final_query)
 
-    def __query(self, query):
+    def _query(self, query):
         """
         Extracts nodes that match the query from the Response
 
@@ -288,7 +288,7 @@ def __query(self, query):
             document = self.document
         return OneLogin_Saml2_Utils.query(document, query)
 
-    def __decrypt_assertion(self, dom):
+    def _decrypt_assertion(self, dom):
         """
         Decrypts the Assertion
 
@@ -298,7 +298,7 @@ def __decrypt_assertion(self, dom):
         :returns: Decrypted Assertion
         :rtype: Element
         """
-        key = self.__settings.get_sp_key()
+        key = self._settings.get_sp_key()
 
         if not key:
             raise Exception('No private key available, check settings')
@@ -315,7 +315,7 @@ def get_error(self):
         """
         After execute a validation process, if fails this method returns the cause
         """
-        return self.__error
+        return self._error
 
 
 class OneLogin_Saml2_Response_Post(OneLogin_Saml2_Response):
@@ -331,16 +331,13 @@ def __init__(self, settings, response):
         :type response: string
         """
         OneLogin_Saml2_Response.__init__(self, settings, response)
-        # Reset these given the meaning of double underscore in Python.
-        self.__settings = settings
-        self.__error = None
 
         # Quick check for the presence of EncryptedAssertion
-        encrypted_assertion_nodes = self.__query('/samlp:Response/saml:EncryptedAssertion')
+        encrypted_assertion_nodes = self._query('/samlp:Response/saml:EncryptedAssertion')
         if encrypted_assertion_nodes:
             decrypted_document = deepcopy(self.document)
             self.encrypted = True
-            self.decrypted_document = self.__decrypt_assertion(decrypted_document)
+            self.decrypted_document = self._decrypt_assertion(decrypted_document)
 
     @staticmethod
     def decode_response(response):
@@ -366,24 +363,24 @@ def validate_response(self, request_data, request_id=None):
         :returns: True if the SAML Response is valid, False if not
         :rtype: bool
         """
-        self.__error = None
-        idp_data = self.__settings.get_idp_data()
+        self._error = None
+        idp_data = self._settings.get_idp_data()
         idp_entity_id = idp_data.get('entityId', '')
-        sp_data = self.__settings.get_sp_data()
+        sp_data = self._settings.get_sp_data()
         sp_entity_id = sp_data.get('entityId', '')
 
-        sign_nodes = self.__query('//ds:Signature')
+        sign_nodes = self._query('//ds:Signature')
 
         signed_elements = []
         for sign_node in sign_nodes:
             signed_elements.append(sign_node.getparent().tag)
 
-        if self.__settings.is_strict():
-            res = OneLogin_Saml2_Utils.validate_xml(etree.tostring(self.document), 'saml-schema-protocol-2.0.xsd', self.__settings.is_debug_active())
+        if self._settings.is_strict():
+            res = OneLogin_Saml2_Utils.validate_xml(etree.tostring(self.document), 'saml-schema-protocol-2.0.xsd', self._settings.is_debug_active())
             if not isinstance(res, Document):
                 raise Exception('Invalid SAML Response. Not match the saml-schema-protocol-2.0.xsd')
 
-            security = self.__settings.get_security_data()
+            security = self._settings.get_security_data()
             current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data)
 
             # Check if the InResponseTo of the Response matchs the ID of the AuthNRequest (requestId) if provided
@@ -396,20 +393,20 @@ def validate_response(self, request_data, request_id=None):
                 raise Exception('The assertion of the Response is not encrypted and the SP require it')
 
             if security.get('wantNameIdEncrypted', False):
-                encrypted_nameid_nodes = self.__query_assertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData')
+                encrypted_nameid_nodes = self._query_assertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData')
                 if len(encrypted_nameid_nodes) == 0:
                     raise Exception('The NameID of the Response is not encrypted and the SP require it')
 
             # Checks that there is at least one AttributeStatement
-            attribute_statement_nodes = self.__query_assertion('/saml:AttributeStatement')
+            attribute_statement_nodes = self._query_assertion('/saml:AttributeStatement')
             if not attribute_statement_nodes:
                 raise Exception('There is no AttributeStatement on the Response')
 
             # Validates Asserion timestamps
             if not self.validate_timestamps():
                 raise Exception('Timing issues (please check your clock settings)')
 
-            encrypted_attributes_nodes = self.__query_assertion('/saml:AttributeStatement/saml:EncryptedAttribute')
+            encrypted_attributes_nodes = self._query_assertion('/saml:AttributeStatement/saml:EncryptedAttribute')
             if encrypted_attributes_nodes:
                 raise Exception('There is an EncryptedAttribute in the Response and this SP not support them')
 
@@ -441,7 +438,7 @@ def validate_response(self, request_data, request_id=None):
 
             # Checks the SubjectConfirmation, at least one SubjectConfirmation must be valid
             any_subject_confirmation = False
-            subject_confirmation_nodes = self.__query_assertion('/saml:Subject/saml:SubjectConfirmation')
+            subject_confirmation_nodes = self._query_assertion('/saml:Subject/saml:SubjectConfirmation')
 
             for scn in subject_confirmation_nodes:
                 method = scn.get('Method', None)
@@ -513,9 +510,6 @@ def __init__(self, settings, response):
         :type response: string
         """
         OneLogin_Saml2_Response.__init__(self, settings, response)
-        # Reset these given the meaning of double underscore in Python.
-        self.__settings = settings
-        self.__error = None
 
     @staticmethod
     def decode_response(response):
@@ -541,17 +535,17 @@ def validate_response(self, request_data, request_id=None):
         :returns: True if the SAML Response is valid, False if not
         :rtype: bool
         """
-        self.__error = None
-        idp_data = self.__settings.get_idp_data()
+        self._error = None
+        idp_data = self._settings.get_idp_data()
         idp_entity_id = idp_data['entityId']
         get_data = request_data['get_data']
 
-        if self.__settings.is_strict():
-            res = OneLogin_Saml2_Utils.validate_xml(self.document, 'saml-schema-protocol-2.0.xsd', self.__settings.is_debug_active())
+        if self._settings.is_strict():
+            res = OneLogin_Saml2_Utils.validate_xml(self.document, 'saml-schema-protocol-2.0.xsd', self._settings.is_debug_active())
             if not isinstance(res, Document):
                 raise Exception('Invalid SAML Logout Request. Not match the saml-schema-protocol-2.0.xsd')
 
-            security = self.__settings.get_security_data()
+            security = self._settings.get_security_data()
 
             # Check if the InResponseTo of the Logout Response matchs the ID of the Logout Request (requestId) if provided
             if request_id is not None and self.document.documentElement.hasAttribute('InResponseTo'):
@@ -595,6 +589,12 @@ def validate_response(self, request_data, request_id=None):
                 raise Exception('In order to validate the sign on the Logout Response, the x509cert of the IdP is required')
             cert = idp_data['x509cert']
 
+            print '////////////'
+            print cert
+            print get_data
+            print signed_query
+            print '////////////'
+
             if not OneLogin_Saml2_Utils.validate_binary_sign(signed_query, b64decode(get_data['Signature']), cert):
                 raise Exception('Signature validation failed. Logout Response rejected')
 
