Commit ade6dc2d authored by Martin van Es's avatar Martin van Es

Add SIGHUP signal to mdserver to reload metadata

parent 3b12401d
#!/usr/bin/env python
import sys
import copy
import signal
from lxml import etree as ET
from flask import Flask
......@@ -18,7 +19,6 @@ app = Flask(__name__)
# Find all IdP's in edugain metadata
idps = {}
signed = {}
found = 0
cert = open("meta.crt").read()
key = open("meta.key").read()
......@@ -29,55 +29,72 @@ def sign(eid):
global idps, signed, cert, key
entityID = unquote(eid)
if entityID[:6] == "{sha1}":
entityID = entityID[6:]
sha1 = entityID[6:]
else:
entityID = hasher(entityID)
sha1 = hasher(entityID)
if entityID in signed:
signed_entity = signed[entityID]
if sha1 in signed:
signed_entity = signed[sha1]
if signed_entity.valid_until > datetime.now(tz.tzutc()):
print(f"serve {entityID}")
return signed[entityID].md
print(f"serve {sha1}")
return signed[sha1].md
if entityID in idps:
if sha1 in idps:
try:
print(f"sign {entityID}")
signed_element = signer(idps[entityID].md, cert, key)
signed_xml = ET.tostring(signed_element, pretty_print=True).decode()
signed_entity = Entity()
signed_entity.md = signed_xml
signed_entity.valid_until = idps[entityID].valid_until
signed[entityID] = signed_entity
return signed_xml
print(f"sign {sha1}")
valid_until = idps[sha1].valid_until
if valid_until > datetime.now(tz.tzutc()):
signed_element = signer(idps[sha1].md, cert, key)
signed_xml = ET.tostring(signed_element, pretty_print=True).decode()
signed_entity = Entity()
signed_entity.md = signed_xml
signed_entity.valid_until = idps[sha1].valid_until
signed[sha1] = signed_entity
return signed_xml
except Exception as e:
print(entityID)
print(sha1)
print(f" {e}")
traceback.print_exc()
return "No valid metadata\n", 404
for mdfile in sys.argv[1:]:
tree = ET.ElementTree(file=mdfile)
root = tree.getroot()
ns = copy.deepcopy(root.nsmap)
ns['xml'] = 'http://www.w3.org/XML/1998/namespace'
validUntil = root.get('validUntil')
cacheDuration = root.get('cacheDuration')
for entity_descriptor in root.findall('md:EntityDescriptor', ns):
entityID = entity_descriptor.attrib.get('entityID', 'none')
sha1 = hasher(entityID)
entity_descriptor.set('validUntil', validUntil)
entity_descriptor.set('cacheDuration', cacheDuration)
entity = Entity()
entity.md = entity_descriptor
entity.valid_until = parser.isoparse(validUntil)
if sha1 not in idps:
print(entityID)
print(sha1)
idps[sha1] = entity
found += 1
print(f"Found: {found}")
def read_metadata(signum, frm):
global idps, signed
found = 0
removed = 0
old_idps = copy.deepcopy(idps)
for mdfile in sys.argv[1:]:
tree = ET.ElementTree(file=mdfile)
root = tree.getroot()
ns = copy.deepcopy(root.nsmap)
ns['xml'] = 'http://www.w3.org/XML/1998/namespace'
validUntil = root.get('validUntil')
cacheDuration = root.get('cacheDuration')
valid_until = parser.isoparse(validUntil)
if valid_until > datetime.now(tz.tzutc()):
for entity_descriptor in root.findall('md:EntityDescriptor', ns):
entityID = entity_descriptor.attrib.get('entityID', 'none')
sha1 = hasher(entityID)
entity_descriptor.set('validUntil', validUntil)
entity_descriptor.set('cacheDuration', cacheDuration)
entity = Entity()
entity.md = entity_descriptor
entity.valid_until = valid_until
print(f"{{sha1}}{sha1} {entityID}")
idps[sha1] = entity
signed.pop(sha1, None)
old_idps.pop(sha1, None)
found += 1
for idp in old_idps:
idps.pop(idp, None)
signed.pop(idp, None)
removed += 1
print(f"Found: {found} entities")
print(f"Removed: {removed} entities")
print(f"validUntil: {validUntil}")
signal.signal(signal.SIGHUP, read_metadata)
app.run(host='0.0.0.0', port=5001)
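Review bot: read_metadata mutates the live `idps` and `signed` tables in place, file by file, with no error handling around `ET.ElementTree(file=mdfile)`, so a missing or malformed file on SIGHUP leaves the server half-reloaded (the first file's entities replaced, the `old_idps` removals never run) and the exception escapes the signal handler into the main thread, which is where app.run is blocking. Safer is to parse every file into a fresh dict first and only then rebind the globals, aborting the reload and keeping the previous table when any file fails. Since the `global` declaration at the top of the handler already allows rebinding, the swap is one assignment. If app.run is serving requests on threads, sign() can still observe `sha1 in idps` followed by a KeyError on `idps[sha1]` during an in-place reload; the whole-table swap removes that window too, though an in-flight request may then sign against the old table, which is acceptable. The metadata files come from argv and are presumably operator-trusted; if that ever changes, parse with `ET.XMLParser(resolve_entities=False, no_network=True)` rather than the default parser.
```python
def read_metadata(signum, frm):
    global idps, signed
    new_idps = {}
    for mdfile in sys.argv[1:]:
        try:
            tree = ET.ElementTree(file=mdfile)
        except (OSError, ET.XMLSyntaxError) as e:
            # Keep serving the previous table rather than a partial one.
            print(f"reload aborted, cannot read {mdfile}: {e}")
            return
        root = tree.getroot()
        # … unchanged: namespace map, validUntil/cacheDuration, expiry check …
        for entity_descriptor in root.findall('md:EntityDescriptor', ns):
            # … unchanged: hash entityID, stamp validUntil/cacheDuration, build Entity …
            new_idps[sha1] = entity
    removed = len(set(idps) - set(new_idps))
    # Rebind both tables at once so no request sees a half-reloaded map.
    idps = new_idps
    signed = {}
    print(f"Found: {len(new_idps)} entities")
    print(f"Removed: {removed} entities")
```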
......@@ -6,7 +6,7 @@ from concurrent.futures import ThreadPoolExecutor
from lxml import etree as ET
# import traceback
from .utils import hasher, signer
from utils import hasher, signer
# Find all IdP's in edugain metadata