providers/saml: fix wrong signing property being checked
closes PASSBOOK-45
This commit is contained in:
parent
7b9d1a1159
commit
9a1270c693
|
@ -1,8 +1,8 @@
|
||||||
"""passbook management command to bootstrap"""
|
"""passbook management command to bootstrap"""
|
||||||
from argparse import REMAINDER
|
from argparse import REMAINDER
|
||||||
from subprocess import Popen # nosec
|
from subprocess import Popen # nosec
|
||||||
from sys import stderr, stdin, stdout
|
|
||||||
from sys import exit as _exit
|
from sys import exit as _exit
|
||||||
|
from sys import stderr, stdin, stdout
|
||||||
from time import sleep
|
from time import sleep
|
||||||
from typing import List
|
from typing import List
|
||||||
|
|
||||||
|
|
|
@ -82,7 +82,7 @@ def get_response_xml(parameters, saml_provider: SAMLProvider, assertion_id=""):
|
||||||
|
|
||||||
raw_response = render_to_string("saml/xml/response.xml", params)
|
raw_response = render_to_string("saml/xml/response.xml", params)
|
||||||
|
|
||||||
if not saml_provider.signing:
|
if not saml_provider.signing_kp:
|
||||||
return raw_response
|
return raw_response
|
||||||
|
|
||||||
signature_xml = get_signature_xml()
|
signature_xml = get_signature_xml()
|
||||||
|
|
|
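Review bot: The new guard on `signing_kp` means a provider with no keypair configured silently returns an unsigned SAML response from `get_response_xml`; unless the SP is set to require signatures, that is a signature-downgrade path that no longer surfaces as a configuration error. Consider saying so at the guard, `# No signing keypair configured: the response goes out unsigned`, and, if the provider model still carries a separate boolean signing flag, raising when signing is enabled but `signing_kp` is unset instead of falling through. Whether such a flag survives this change is not visible in the hunk. `get_response_xml` starts and ends outside the hunk.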
@ -1,8 +1,6 @@
|
||||||
"""Signing code goes here."""
|
"""Signing code goes here."""
|
||||||
from typing import TYPE_CHECKING
|
from typing import TYPE_CHECKING
|
||||||
|
|
||||||
from cryptography.hazmat.backends import default_backend
|
|
||||||
from cryptography.hazmat.primitives import serialization
|
|
||||||
from lxml import etree # nosec
|
from lxml import etree # nosec
|
||||||
from signxml import XMLSigner, XMLVerifier
|
from signxml import XMLSigner, XMLVerifier
|
||||||
from structlog import get_logger
|
from structlog import get_logger
|
||||||
|
@ -17,11 +15,6 @@ LOGGER = get_logger()
|
||||||
|
|
||||||
def sign_with_signxml(data: str, provider: "SAMLProvider", reference_uri=None) -> str:
|
def sign_with_signxml(data: str, provider: "SAMLProvider", reference_uri=None) -> str:
|
||||||
"""Sign Data with signxml"""
|
"""Sign Data with signxml"""
|
||||||
key = serialization.load_pem_private_key(
|
|
||||||
str.encode("\n".join([x.strip() for x in provider.signing_key.split("\n")])),
|
|
||||||
password=None,
|
|
||||||
backend=default_backend(),
|
|
||||||
)
|
|
||||||
# defused XML is not used here because it messes up XML namespaces
|
# defused XML is not used here because it messes up XML namespaces
|
||||||
# Data is trusted, so lxml is ok
|
# Data is trusted, so lxml is ok
|
||||||
root = etree.fromstring(data) # nosec
|
root = etree.fromstring(data) # nosec
|
||||||
|
@ -32,7 +25,7 @@ def sign_with_signxml(data: str, provider: "SAMLProvider", reference_uri=None) -
|
||||||
)
|
)
|
||||||
signed = signer.sign(
|
signed = signer.sign(
|
||||||
root,
|
root,
|
||||||
key=key,
|
key=provider.signing_kp.private_key,
|
||||||
cert=[provider.signing_kp.certificate_data],
|
cert=[provider.signing_kp.certificate_data],
|
||||||
reference_uri=reference_uri,
|
reference_uri=reference_uri,
|
||||||
)
|
)
|
||||||
|
|
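Review bot: `signer.sign` now dereferences `provider.signing_kp.private_key` with no check that the keypair is set, so a caller that reaches `sign_with_signxml` with `signing_kp` unset fails with an `AttributeError` on `None` from inside the call rather than with a clear message. A guard at the top of the function, `if provider.signing_kp is None: raise ValueError("SAMLProvider has no signing keypair configured")`, makes the precondition explicit, and the docstring could state it: `"""Sign data with signxml using the provider's signing keypair (requires provider.signing_kp to be set)."""`. Whether `signing_kp.private_key` yields a loaded key object or PEM text is not visible here; signxml accepts both, but the per-line whitespace normalisation the removed code applied to the PEM is gone, so the keypair model presumably owns that now. `sign_with_signxml` starts outside this hunk.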