providers/saml: fix wrong signing property being checked
closes PASSBOOK-45
parent
7b9d1a1159
commit
9a1270c693
|
@ -1,8 +1,8 @@
|
|||
"""passbook management command to bootstrap"""
|
||||
from argparse import REMAINDER
|
||||
from subprocess import Popen # nosec
|
||||
from sys import stderr, stdin, stdout
|
||||
from sys import exit as _exit
|
||||
from sys import stderr, stdin, stdout
|
||||
from time import sleep
|
||||
from typing import List
|
||||
|
||||
|
|
|
@ -82,7 +82,7 @@ def get_response_xml(parameters, saml_provider: SAMLProvider, assertion_id=""):
|
|||
|
||||
raw_response = render_to_string("saml/xml/response.xml", params)
|
||||
|
||||
if not saml_provider.signing:
|
||||
if not saml_provider.signing_kp:
|
||||
return raw_response
|
||||
|
||||
signature_xml = get_signature_xml()
|
||||
|
|
|
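Review bot: When no signing keypair is configured, the early `return raw_response` right after the `if not saml_provider.signing_kp:` check returns an unsigned SAML response without leaving any trace. Whether a response was signed matters to the service provider consuming it, so I would make the intent explicit with a comment above the check, such as `# No signing keypair configured: the response is deliberately returned unsigned`. A regression test using a provider without a keypair would also pin the corrected property, since the old attribute name went unnoticed. The body of get_response_xml starts and continues outside this hunk.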
@ -1,8 +1,6 @@
|
|||
"""Signing code goes here."""
|
||||
from typing import TYPE_CHECKING
|
||||
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
from cryptography.hazmat.primitives import serialization
|
||||
from lxml import etree # nosec
|
||||
from signxml import XMLSigner, XMLVerifier
|
||||
from structlog import get_logger
|
||||
|
@ -17,11 +15,6 @@ LOGGER = get_logger()
|
|||
|
||||
def sign_with_signxml(data: str, provider: "SAMLProvider", reference_uri=None) -> str:
|
||||
"""Sign Data with signxml"""
|
||||
key = serialization.load_pem_private_key(
|
||||
str.encode("\n".join([x.strip() for x in provider.signing_key.split("\n")])),
|
||||
password=None,
|
||||
backend=default_backend(),
|
||||
)
|
||||
# defused XML is not used here because it messes up XML namespaces
|
||||
# Data is trusted, so lxml is ok
|
||||
root = etree.fromstring(data) # nosec
|
||||
|
@ -32,7 +25,7 @@ def sign_with_signxml(data: str, provider: "SAMLProvider", reference_uri=None) -
|
|||
)
|
||||
signed = signer.sign(
|
||||
root,
|
||||
key=key,
|
||||
key=provider.signing_kp.private_key,
|
||||
cert=[provider.signing_kp.certificate_data],
|
||||
reference_uri=reference_uri,
|
||||
)
|
||||
|
|
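Review bot: `provider.signing_kp` is dereferenced twice in the `signer.sign(...)` call (`key=provider.signing_kp.private_key` and `cert=[provider.signing_kp.certificate_data]`), but nothing in the visible part of this function checks that a keypair is set. The caller in get_response_xml tests `saml_provider.signing_kp` first, which suggests the field can be empty. Any other caller would then fail here with an attribute error rather than a clear message. I would either state the precondition in the docstring, e.g. `"""Sign data with signxml; provider.signing_kp must be set."""`, or guard at the top with `if not provider.signing_kp:` and raise a descriptive error. The part of sign_with_signxml between the two hunks is not shown.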