From b64f09b461caa231dc47715f1b2203baae033a59 Mon Sep 17 00:00:00 2001 From: Davide Vaghetti <davide.vaghetti@garr.it> Date: Thu, 19 Nov 2020 19:13:31 +0100 Subject: [PATCH] Added support for multiple security contacts --- edugain_contacts.py | 53 +++++++++++++++++++++++---------------------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/edugain_contacts.py b/edugain_contacts.py index 545eff5..85daa84 100644 --- a/edugain_contacts.py +++ b/edugain_contacts.py @@ -19,7 +19,7 @@ xml_req = requests.get('https://mds.edugain.org/edugain-v1.xml') root = ET.fromstring(xml_req.content) contacts = set() -seen_doms = set() +seen_doms_mails = set() ns = { 'md': 'urn:oasis:names:tc:SAML:2.0:metadata', 
@@ -33,36 +33,37 @@ ns = { entities = root.findall('./md:EntityDescriptor', ns) for entity in entities: + sec_mails = set() orgname = entity.find('./md:Organization/md:OrganizationDisplayName', ns).text.strip() if not orgname: continue - contact = entity.find('./md:ContactPerson[@remd:contactType="http://refeds.org/metadata/contactType/security"]', ns) - if contact is None: - contact = entity.find( - './md:ContactPerson[@icmd:contactType="http://id.incommon.org/metadata/contactType/security"]', ns) - if contact is None: - continue - mail_el = contact.find('./md:EmailAddress', ns) - if mail_el is None: - continue - name_el = contact.find('./md:GivenName', ns) - surname_el = contact.find('./md:SurName', ns) - mail = strip_start(mail_el.text, 'mailto:') - if name_el is not None: - name = name_el.text.strip() - if surname_el is not None: - surname = surname_el.text.strip() - contact_txt = '"{} {}" <{}>'.format(name, surname, mail) + sec_contact_els = entity.findall('./md:ContactPerson[@remd:contactType="http://refeds.org/metadata/contactType/security"]', ns) + \ + entity.findall('./md:ContactPerson[@icmd:contactType="http://id.incommon.org/metadata/contactType/security"]', ns) + for sec_contact_el in sec_contact_els: + mail_el = sec_contact_el.find('./md:EmailAddress', ns) + name_el = sec_contact_el.find('./md:GivenName', ns) + surname_el = sec_contact_el.find('./md:SurName', ns) + if mail_el is None: + continue + mail = strip_start(mail_el.text, 'mailto:') + if name_el is not None: + name = name_el.text.strip() + if surname_el is not None: + surname = surname_el.text.strip() + sec_mails.add('"{} {}" <{}>'.format(name, surname, mail)) + else: + sec_mails.add('"{}" <{}>'.format(name, mail)) else: - contact_txt = '"{}" <{}>'.format(name, mail) - else: - contact_txt = mail + sec_mails.add(mail) doms = entity.findall('./md:IDPSSODescriptor/md:Extensions/shibmd:Scope[@regexp="false"]', ns) - for domain in doms: - domain_text = domain.text - if domain_text not in seen_doms: 
- seen_doms.add(domain_text) - contacts.add('{},{},{}'.format(domain_text, contact_txt, orgname)) + doms_set = set() + for dom in doms: + doms_set.add(dom.text) + for domain in doms_set: + for mail in sec_mails: + if (domain,mail) not in seen_doms_mails: + seen_doms_mails.add((domain, mail)) + contacts.add('{},{},{}'.format(domain, mail, orgname)) for contact in sorted(contacts): print(contact) -- GitLab
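Review bot: In the new `for sec_contact_el in sec_contact_els:` loop, `mail_el.text` and `name_el.text` are used without a None or empty check, so a single entity with an empty `<md:EmailAddress/>` or `<md:GivenName/>` in the aggregate can abort the run on `.strip()` or produce a row with no address; `strip_start` is defined outside the hunk, so how it treats None is not visible here. Unlike the names, the address is also never stripped of surrounding whitespace, so a padded `mailto:` value would probably keep its prefix. I would normalise first with `mail = strip_start((mail_el.text or '').strip(), 'mailto:')` followed by `if not mail: continue`, and guard the name the same way with `(name_el.text or '').strip()`. Because these values come from metadata published by many federations and go unescaped into `'"{} {}" <{}>'` and the comma-joined output line, a comma, double quote or newline in a name or address would shift or add fields for whoever consumes the list. Building the address with `email.utils.formataddr` and writing rows with `csv.writer` would avoid that, though the latter changes the quoting of the output.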