"""Signing code goes here."""
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from lxml import etree # nosec
from signxml import XMLSigner, XMLVerifier
from structlog import get_logger
from passbook.lib.utils.template import render_to_string
LOGGER = get_logger(__name__)  # module-level structlog logger; not referenced by the functions visible below
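def _normalize_pem(private_key):
    """Return *private_key* as PEM bytes with surrounding whitespace stripped from every line.

    Keys pasted into a config field or database row often arrive indented or
    with ``\\r\\n`` line endings; ``str.strip`` on each line removes both.
    ``bytes`` input is accepted too (decoded as UTF-8 first), so callers that
    already hold the key as bytes do not have to round-trip through ``str``.
    """
    if isinstance(private_key, bytes):
        private_key = private_key.decode('utf-8')
    return '\n'.join(line.strip() for line in private_key.split('\n')).encode()


def sign_with_signxml(private_key, data, cert, reference_uri=None):
    """Sign an XML document with signxml and return the signed document as a ``str``.

    Args:
        private_key: PEM-encoded, *unencrypted* private key as ``str`` or
            ``bytes``. Per-line indentation is tolerated. Encrypted keys are
            not supported because the key is loaded with ``password=None``.
        data: The XML document to sign, in any form accepted by
            ``lxml.etree.fromstring`` (``str`` or ``bytes``).
        cert: The X.509 certificate that matches ``private_key``. signxml
            embeds it in the signature's ``KeyInfo`` and it is also used for
            the self-verification step below.
        reference_uri: Optional ``Reference`` URI forwarded to
            ``XMLSigner.sign``; ``None`` leaves signxml's default reference.

    Returns:
        The signed document serialized with ``etree.tostring`` and decoded
        as UTF-8.

    Raises:
        ValueError / TypeError: from ``load_pem_private_key`` when the key is
            malformed or encrypted.
        lxml.etree.XMLSyntaxError: when ``data`` is not well-formed XML.
        signxml ``InvalidSignature``: when the freshly produced signature does
            not verify against ``cert`` — in practice a key/certificate
            mismatch. Failing here is deliberate: it is far cheaper to catch
            than a rejected assertion at the relying party.
    """
    key = serialization.load_pem_private_key(
        _normalize_pem(private_key), password=None, backend=default_backend())
    # defused XML is not used here because it messes up XML namespaces.
    # The original author treats `data` as trusted (not user-controlled), so
    # plain lxml parsing is accepted here.
    # NOTE(review): if `data` can ever carry caller-supplied XML, parse it with
    # etree.XMLParser(resolve_entities=False) to rule out XXE / entity
    # expansion; that parser keeps namespaces intact, unlike defusedxml.
    root = etree.fromstring(data)  # nosec
    # Exclusive XML canonicalization is pinned explicitly rather than relying on
    # signxml's default.
    signer = XMLSigner(c14n_algorithm='http://www.w3.org/2001/10/xml-exc-c14n#')
    signed = signer.sign(root, key=key, cert=[cert], reference_uri=reference_uri)
    # Self-check against the certificate we just embedded: proves that the
    # private key and `cert` belong together before the document leaves us.
    XMLVerifier().verify(signed, x509_cert=cert)
    return etree.tostring(signed).decode('utf-8')  # nosec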
def get_signature_xml():
    """Render and return the ``saml/xml/signature.xml`` template.

    The template is rendered with an empty context, so the returned markup
    does not depend on any per-call data.
    """
    template_name = 'saml/xml/signature.xml'
    context = {}
    return render_to_string(template_name, context)