From 9a1270c6938c44c4c566f07393334c3632dae712 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Fri, 10 Apr 2020 21:52:03 +0200
Subject: [PATCH] providers/saml: fix wrong signing property being checked

closes PASSBOOK-45
---
 passbook/lib/management/commands/bootstrap.py | 2 +-
 passbook/providers/saml/utils/xml_render.py | 2 +-
 passbook/providers/saml/utils/xml_signing.py | 9 +--------
 3 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/passbook/lib/management/commands/bootstrap.py b/passbook/lib/management/commands/bootstrap.py
index 50420c9b0..7a172d51a 100644
--- a/passbook/lib/management/commands/bootstrap.py
+++ b/passbook/lib/management/commands/bootstrap.py
@@ -1,8 +1,8 @@
 """passbook management command to bootstrap"""
 from argparse import REMAINDER
 from subprocess import Popen # nosec
-from sys import stderr, stdin, stdout
 from sys import exit as _exit
+from sys import stderr, stdin, stdout
 from time import sleep
 from typing import List
diff --git a/passbook/providers/saml/utils/xml_render.py b/passbook/providers/saml/utils/xml_render.py
index 9065c951a..d740f9ac8 100644
--- a/passbook/providers/saml/utils/xml_render.py
+++ b/passbook/providers/saml/utils/xml_render.py
@@ -82,7 +82,7 @@ def get_response_xml(parameters, saml_provider: SAMLProvider, assertion_id=""):
 raw_response = render_to_string("saml/xml/response.xml", params)
- if not saml_provider.signing:
+ if not saml_provider.signing_kp:
 return raw_response
 signature_xml = get_signature_xml()
diff --git a/passbook/providers/saml/utils/xml_signing.py b/passbook/providers/saml/utils/xml_signing.py
index 9622a76a6..215b29830 100644
--- a/passbook/providers/saml/utils/xml_signing.py
+++ b/passbook/providers/saml/utils/xml_signing.py
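Review bot: The new guard `if not saml_provider.signing_kp:` in the xml_render.py hunk returns the SAML Response unsigned without leaving any trace, so a provider that never had a keypair (or lost it) silently downgrades to unsigned assertions; a comment or a warning-level log on that branch would make the condition visible, e.g. `# No signing keypair configured: the Response goes out unsigned and relies on the SP accepting that`. Testing only the truthiness of the keypair object also admits a keypair that carries a certificate but no private key, which sign_with_signxml then dereferences as `provider.signing_kp.private_key` in xml_signing.py; if the keypair model allows that state, the guard should presumably be `if not (saml_provider.signing_kp and saml_provider.signing_kp.private_key):`. get_response_xml starts and ends outside the hunk.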
@@ -1,8 +1,6 @@
 """Signing code goes here."""
 from typing import TYPE_CHECKING
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
 from lxml import etree # nosec
 from signxml import XMLSigner, XMLVerifier
 from structlog import get_logger
@@ -17,11 +15,6 @@ LOGGER = get_logger()
 def sign_with_signxml(data: str, provider: "SAMLProvider", reference_uri=None) -> str:
 """Sign Data with signxml"""
- key = serialization.load_pem_private_key(
- str.encode("\n".join([x.strip() for x in provider.signing_key.split("\n")])),
- password=None,
- backend=default_backend(),
- )
 # defused XML is not used here because it messes up XML namespaces
 # Data is trusted, so lxml is ok
 root = etree.fromstring(data) # nosec
@@ -32,7 +25,7 @@ def sign_with_signxml(data: str, provider: "SAMLProvider", reference_uri=None) -
 )
 signed = signer.sign(
 root,
- key=key,
+ key=provider.signing_kp.private_key,
 cert=[provider.signing_kp.certificate_data],
 reference_uri=reference_uri,
 )
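Review bot: At `key=provider.signing_kp.private_key,` in the @@ -32 hunk the private key is handed to signxml exactly as stored, whereas the block removed in the @@ -17 hunk stripped per-line whitespace from the PEM and loaded it with `password=None` before signing. If `signing_kp.private_key` is raw PEM text rather than an already-loaded key object, a key saved with indented lines or a passphrase will now fail inside `signer.sign` instead of at load time, so either the keypair model should guarantee normalized, unencrypted PEM or a comment here should state that assumption, e.g. `# signing_kp.private_key is expected to be clean, unencrypted PEM; signxml loads it itself`. The keypair is also dereferenced without a None check, the only guard being the caller's `if not saml_provider.signing_kp` in xml_render.py, so a docstring line such as `Requires provider.signing_kp to be set.` would record that contract. sign_with_signxml starts in the @@ -17 hunk and its body continues past the end of the @@ -32 hunk.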