From 1a6dd006813bc8c032f5b37faa8aeb42b42e6144 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sat, 1 Aug 2020 19:38:59 +0200
Subject: [PATCH] providers/saml: fix X509Data container linebreaks

---
 passbook/providers/saml/processors/assertion.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/passbook/providers/saml/processors/assertion.py b/passbook/providers/saml/processors/assertion.py
index d5e5fdab9..12922e775 100644
--- a/passbook/providers/saml/processors/assertion.py
+++ b/passbook/providers/saml/processors/assertion.py
@@ -5,7 +5,7 @@ from types import GeneratorType
 from django.http import HttpRequest
 from lxml import etree # nosec
 from lxml.etree import Element, SubElement # nosec
-from signxml import XMLSigner, XMLVerifier
+from signxml import XMLSigner, XMLVerifier, strip_pem_header
 from structlog import get_logger

 from passbook.core.exceptions import PropertyMappingExpressionException
@@ -228,14 +228,15 @@ class AssertionProcessor:
 signature_algorithm=self.provider.signature_algorithm,
 digest_algorithm=self.provider.digest_algorithm,
 )
+ x509_data = strip_pem_header(
+ self.provider.signing_kp.certificate_data
+ ).replace("\n", "")
 signed = signer.sign(
 root_response,
 key=self.provider.signing_kp.private_key,
- cert=[self.provider.signing_kp.certificate_data],
+ cert=[x509_data],
 reference_uri=self._assertion_id,
 )
- XMLVerifier().verify(
- signed, x509_cert=self.provider.signing_kp.certificate_data
- )
+ XMLVerifier().verify(signed, x509_cert=x509_data)
 return etree.tostring(signed).decode("utf-8") # nosec
 return etree.tostring(root_response).decode("utf-8") # nosec
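Review bot: The added `x509_data` assignment in the second hunk removes only `\n`, so a certificate stored with CRLF line endings would still put `\r` characters inside the `X509Certificate` text that this commit is meant to make a single line. How `certificate_data` is stored is not visible here, but PEM pasted through a web form commonly arrives with CRLF. Stripping all whitespace covers both cases: `x509_data = "".join(strip_pem_header(self.provider.signing_kp.certificate_data).split())`. The `XMLVerifier().verify(signed, x509_cert=x509_data)` call that follows checks the signature against the same value that was just embedded, so it is unlikely to catch a value that a relying party's parser rejects. A one-line comment above the assignment saying that the element must hold bare base64 without line breaks would record why the normalisation exists. The enclosing method starts above the hunk.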