providers/saml: fix wrong signing property being checked

closes PASSBOOK-45
This commit is contained in:
Jens Langhammer 2020-04-10 21:52:03 +02:00
parent 7b9d1a1159
commit 9a1270c693
3 changed files with 3 additions and 10 deletions

View file

@ -1,8 +1,8 @@
"""passbook management command to bootstrap"""
from argparse import REMAINDER
from subprocess import Popen # nosec
from sys import stderr, stdin, stdout
from sys import exit as _exit
from sys import stderr, stdin, stdout
from time import sleep
from typing import List

View file

@ -82,7 +82,7 @@ def get_response_xml(parameters, saml_provider: SAMLProvider, assertion_id=""):
raw_response = render_to_string("saml/xml/response.xml", params)
if not saml_provider.signing:
if not saml_provider.signing_kp:
return raw_response
signature_xml = get_signature_xml()

View file

@ -1,8 +1,6 @@
"""Signing code goes here."""
from typing import TYPE_CHECKING
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from lxml import etree # nosec
from signxml import XMLSigner, XMLVerifier
from structlog import get_logger
@ -17,11 +15,6 @@ LOGGER = get_logger()
def sign_with_signxml(data: str, provider: "SAMLProvider", reference_uri=None) -> str:
"""Sign Data with signxml"""
key = serialization.load_pem_private_key(
str.encode("\n".join([x.strip() for x in provider.signing_key.split("\n")])),
password=None,
backend=default_backend(),
)
# defused XML is not used here because it messes up XML namespaces
# Data is trusted, so lxml is ok
root = etree.fromstring(data) # nosec
@ -32,7 +25,7 @@ def sign_with_signxml(data: str, provider: "SAMLProvider", reference_uri=None) -
)
signed = signer.sign(
root,
key=key,
key=provider.signing_kp.private_key,
cert=[provider.signing_kp.certificate_data],
reference_uri=reference_uri,
)