From a202679bfb9694d97f7ef72a314cc0b70bfc2520 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sun, 8 Nov 2020 22:27:28 +0100
Subject: [PATCH] crypto: fix "Could not deserialize key data." with empty private key
---
 passbook/crypto/models.py | 2 +-
 passbook/providers/saml/forms.py | 4 +++
 .../saml/tests/test_auth_n_request.py | 1 +
 swagger.yaml | 25 +++++++++++++++++++
 4 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/passbook/crypto/models.py b/passbook/crypto/models.py
index 72c4e42e3..a06d4ed83 100644
--- a/passbook/crypto/models.py
+++ b/passbook/crypto/models.py
@@ -54,7 +54,7 @@ class CertificateKeyPair(CreatedUpdatedModel):
 @property
 def private_key(self) -> Optional[RSAPrivateKey]:
 """Get python cryptography PrivateKey instance"""
- if not self._private_key:
+ if not self._private_key and self._private_key != "":
 self._private_key = load_pem_private_key(
 str.encode("\n".join([x.strip() for x in self.key_data.split("\n")])),
 password=None,
diff --git a/passbook/providers/saml/forms.py b/passbook/providers/saml/forms.py
index dff79a24e..1e8aa9d3b 100644
--- a/passbook/providers/saml/forms.py
+++ b/passbook/providers/saml/forms.py
@@ -7,6 +7,7 @@ from django.utils.translation import gettext as _
 from passbook.admin.fields import CodeMirrorWidget
 from passbook.core.expression import PropertyMappingEvaluator
+from passbook.crypto.models import CertificateKeyPair
 from passbook.flows.models import Flow, FlowDesignation
 from passbook.providers.saml.models import SAMLPropertyMapping, SAMLProvider
@@ -20,6 +21,9 @@ class SAMLProviderForm(forms.ModelForm):
 designation=FlowDesignation.AUTHORIZATION
 )
 self.fields["property_mappings"].queryset = SAMLPropertyMapping.objects.all()
+ self.fields["signing_kp"].queryset = CertificateKeyPair.objects.exclude(
+ key_data__iexact=""
+ )
 class Meta:
diff --git a/passbook/providers/saml/tests/test_auth_n_request.py b/passbook/providers/saml/tests/test_auth_n_request.py
index 8fc511e98..057761016 100644
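Review bot: The new guard in `private_key` compares the cached `_private_key` with `""`, but the empty value the subject line describes lives in `key_data`, so an unset cache with empty `key_data` would presumably still reach `load_pem_private_key` and raise the same error. The initial value of `_private_key` is declared outside this hunk, so this is inferred from the `Optional[RSAPrivateKey]` return annotation. Testing the stored PEM instead, `if not self._private_key and self.key_data.strip() != "":`, would skip parsing for a certificate-only keypair; callers that sign with the result then need to handle the missing key explicitly rather than proceed unsigned. The body of `private_key` continues past the hunk, and no test in the visible patch covers a keypair with empty `key_data`.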
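Review bot: The `signing_kp` restriction in the second forms.py hunk only narrows the choices this form offers and does not validate the relation itself. If providers can also be written through the API that swagger.yaml describes, a keypair without a private key could presumably still be attached as the signing keypair there; a model-level or serializer-level check would enforce the rule on every write path. Separately, `key_data__iexact=""` is a case-insensitive match against an empty string, so `exclude(key_data="")` states the same intent more plainly, and neither form excludes whitespace-only values. The `__init__` body starts outside the hunk.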
--- a/passbook/providers/saml/tests/test_auth_n_request.py
+++ b/passbook/providers/saml/tests/test_auth_n_request.py
@@ -34,6 +34,7 @@ class TestAuthNRequest(TestCase):
 ),
 acs_url="http://testserver/source/saml/provider/acs/",
 signing_kp=CertificateKeyPair.objects.first(),
+ verification_kp=CertificateKeyPair.objects.first(),
 )
 self.source = SAMLSource.objects.create(
 slug="provider",
diff --git a/swagger.yaml b/swagger.yaml
index b22ad3467..adca314d4 100755
--- a/swagger.yaml
+++ b/swagger.yaml
@@ -1100,6 +1100,25 @@ paths:
 required: true
 type: string
 format: uuid
+ /flows/instances/{flow_uuid}/cache_count/:
+ get:
+ operationId: flows_instances_cache_count
+ description: Get count of cached flows
+ parameters: []
+ responses:
+ '200':
+ description: ''
+ schema:
+ $ref: '#/definitions/Flow'
+ tags:
+ - flows
+ parameters:
+ - name: flow_uuid
+ in: path
+ description: A UUID string identifying this Flow.
+ required: true
+ type: string
+ format: uuid
 /outposts/outposts/:
 get:
 operationId: outposts_outposts_list
@@ -7506,6 +7525,12 @@ definitions:
 description: Require Requests to be signed by an X509 Certificate. Must match the Certificate selected in `Singing Keypair`.
 type: boolean
+ verification_kp:
+ title: Verification Keypair
+ description: If selected, incoming assertion's Signatures will be validated.
+ type: string
+ format: uuid
+ x-nullable: true
 Message:
 description: Serialize Django Message into DRF Object
 type: object