This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/passbook/providers/saml/utils/xml_signing.py

39 lines
1.2 KiB
Python
Raw Normal View History

2018-11-16 08:10:35 +00:00
"""Signing code goes here."""
from typing import TYPE_CHECKING
2018-12-26 16:26:17 +00:00
from lxml import etree # nosec
2018-12-26 20:56:08 +00:00
from signxml import XMLSigner, XMLVerifier
2019-10-01 08:24:10 +00:00
from structlog import get_logger
2018-11-16 08:10:35 +00:00
2018-11-16 09:08:15 +00:00
from passbook.lib.utils.template import render_to_string
2018-11-16 08:10:35 +00:00
if TYPE_CHECKING:
from passbook.providers.saml.models import SAMLProvider
LOGGER = get_logger()
2018-11-16 08:10:35 +00:00
def sign_with_signxml(data: str, provider: "SAMLProvider", reference_uri=None) -> str:
2018-11-16 08:10:35 +00:00
"""Sign Data with signxml"""
2018-12-26 20:56:08 +00:00
# defused XML is not used here because it messes up XML namespaces
# Data is trusted, so lxml is ok
2019-12-31 11:51:16 +00:00
root = etree.fromstring(data) # nosec
signer = XMLSigner(
c14n_algorithm="http://www.w3.org/2001/10/xml-exc-c14n#",
signature_algorithm=provider.signature_algorithm,
digest_algorithm=provider.digest_algorithm,
)
signed = signer.sign(
2020-03-03 22:35:50 +00:00
root,
key=provider.signing_kp.private_key,
2020-03-05 16:09:08 +00:00
cert=[provider.signing_kp.certificate_data],
2020-03-03 22:35:50 +00:00
reference_uri=reference_uri,
)
2020-03-05 16:09:08 +00:00
XMLVerifier().verify(signed, x509_cert=provider.signing_kp.certificate_data)
2019-12-31 11:51:16 +00:00
return etree.tostring(signed).decode("utf-8") # nosec
2018-11-16 08:10:35 +00:00
def get_signature_xml() -> str:
2018-11-16 08:10:35 +00:00
"""Returns XML Signature for subject."""
2019-12-31 11:51:16 +00:00
return render_to_string("saml/xml/signature.xml", {})