authentik/passbook/sources/saml/xml_signing.py

#XXX: Use svn:externals to get the same version as in saml2idp???
"""
Signing code goes here.
"""
# # python:
# import hashlib
# import string

from structlog import get_logger

# other libraries:
# this app:
# from passbook.providers.saml.utils import nice64
# from passbook.sources.saml.xml_templates import SIGNATURE, SIGNED_INFO

LOGGER = get_logger()

# def get_signature_xml(subject, reference_uri):
#     """
#     Returns XML Signature for subject.
#     """
#     private_key_file = saml2sp_settings.SAML2SP_PRIVATE_KEY_FILE
#     certificate_file = saml2sp_settings.SAML2SP_CERTIFICATE_FILE
#     LOGGER.debug('get_signature_xml - Begin.')
#     LOGGER.debug('Using private key file: ' + private_key_file)
#     LOGGER.debug('Using certificate file: ' + certificate_file)
#     LOGGER.debug('Subject: ' + subject)

#     # Hash the subject.
#     subject_hash = hashlib.sha1()
#     subject_hash.update(subject)
#     subject_digest = nice64(subject_hash.digest())
#     LOGGER.debug('Subject digest: ' + subject_digest)

#     # Create signed_info.
#     signed_info = string.Template(SIGNED_INFO).substitute({
#         'REFERENCE_URI': reference_uri,
#         'SUBJECT_DIGEST': subject_digest,
#     })
#     LOGGER.debug('SignedInfo XML: ' + signed_info)

# #    # "Digest" the signed_info.
# #    info_hash = hashlib.sha1()
# #    info_hash.update(signed_info)
# #    info_digest = info_hash.digest()
# #    LOGGER.debug('Info digest: ' + nice64(info_digest))

#     # RSA-sign the signed_info.
#     private_key = M2Crypto.EVP.load_key(private_key_file)
#     private_key.sign_init()
#     private_key.sign_update(signed_info)
#     rsa_signature = nice64(private_key.sign_final())
#     LOGGER.debug('RSA Signature: ' + rsa_signature)

#     # Load the certificate.
#     cert_data = load_cert_data(certificate_file)

#     # Put the signed_info and rsa_signature into the XML signature.
#     signed_info_short = signed_info.replace('xmlns:ds="http://www.w3.org/2000/09/xmldsig#"', '')
#     signature_xml = string.Template(SIGNATURE).substitute({
#         'RSA_SIGNATURE': rsa_signature,
#         'SIGNED_INFO': signed_info_short,
#         'CERTIFICATE': cert_data,
#     })
#     LOGGER.debug('Signature XML: ' + signature_xml)
#     return signature_xml
sources/saml(major): add saml SP 2019-11-07 16:02:56 +00:00			`#XXX: Use svn:externals to get the same version as in saml2idp???`
			`"""`
			`Signing code goes here.`
			`"""`
			`# # python:`
			`# import hashlib`
			`# import string`

			`from structlog import get_logger`

			`# other libraries:`
			`# this app:`
			`# from passbook.providers.saml.utils import nice64`
			`# from passbook.sources.saml.xml_templates import SIGNATURE, SIGNED_INFO`

			`LOGGER = get_logger()`

			`# def get_signature_xml(subject, reference_uri):`
			`# """`
			`# Returns XML Signature for subject.`
			`# """`
			`# private_key_file = saml2sp_settings.SAML2SP_PRIVATE_KEY_FILE`
			`# certificate_file = saml2sp_settings.SAML2SP_CERTIFICATE_FILE`
			`# LOGGER.debug('get_signature_xml - Begin.')`
			`# LOGGER.debug('Using private key file: ' + private_key_file)`
			`# LOGGER.debug('Using certificate file: ' + certificate_file)`
			`# LOGGER.debug('Subject: ' + subject)`

			`# # Hash the subject.`
			`# subject_hash = hashlib.sha1()`
			`# subject_hash.update(subject)`
			`# subject_digest = nice64(subject_hash.digest())`
			`# LOGGER.debug('Subject digest: ' + subject_digest)`

			`# # Create signed_info.`
			`# signed_info = string.Template(SIGNED_INFO).substitute({`
			`# 'REFERENCE_URI': reference_uri,`
			`# 'SUBJECT_DIGEST': subject_digest,`
			`# })`
			`# LOGGER.debug('SignedInfo XML: ' + signed_info)`

			`# # # "Digest" the signed_info.`
			`# # info_hash = hashlib.sha1()`
			`# # info_hash.update(signed_info)`
			`# # info_digest = info_hash.digest()`
			`# # LOGGER.debug('Info digest: ' + nice64(info_digest))`

			`# # RSA-sign the signed_info.`
			`# private_key = M2Crypto.EVP.load_key(private_key_file)`
			`# private_key.sign_init()`
			`# private_key.sign_update(signed_info)`
			`# rsa_signature = nice64(private_key.sign_final())`
			`# LOGGER.debug('RSA Signature: ' + rsa_signature)`

			`# # Load the certificate.`
			`# cert_data = load_cert_data(certificate_file)`

			`# # Put the signed_info and rsa_signature into the XML signature.`
			`# signed_info_short = signed_info.replace('xmlns:ds="http://www.w3.org/2000/09/xmldsig#"', '')`
			`# signature_xml = string.Template(SIGNATURE).substitute({`
			`# 'RSA_SIGNATURE': rsa_signature,`
			`# 'SIGNED_INFO': signed_info_short,`
			`# 'CERTIFICATE': cert_data,`
			`# })`
			`# LOGGER.debug('Signature XML: ' + signature_xml)`
			`# return signature_xml`