providers/saml: fix wrong signing property being checked

closes PASSBOOK-45

passbook/lib/management/commands/bootstrap.py

@@ -1,8 +1,8 @@
 """passbook management command to bootstrap"""
 from argparse import REMAINDER
 from subprocess import Popen  # nosec
-from sys import stderr, stdin, stdout
 from sys import exit as _exit
+from sys import stderr, stdin, stdout
 from time import sleep
 from typing import List
 

passbook/providers/saml/utils/xml_render.py

@@ -82,7 +82,7 @@ def get_response_xml(parameters, saml_provider: SAMLProvider, assertion_id=""):
 
     raw_response = render_to_string("saml/xml/response.xml", params)
 
-    if not saml_provider.signing:
+    if not saml_provider.signing_kp:
         return raw_response
 
     signature_xml = get_signature_xml()

passbook/providers/saml/utils/xml_signing.py

@@ -1,8 +1,6 @@
 """Signing code goes here."""
 from typing import TYPE_CHECKING
 
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
 from lxml import etree  # nosec
 from signxml import XMLSigner, XMLVerifier
 from structlog import get_logger
@@ -17,11 +15,6 @@ LOGGER = get_logger()
 
 def sign_with_signxml(data: str, provider: "SAMLProvider", reference_uri=None) -> str:
     """Sign Data with signxml"""
-    key = serialization.load_pem_private_key(
-        str.encode("\n".join([x.strip() for x in provider.signing_key.split("\n")])),
-        password=None,
-        backend=default_backend(),
-    )
     # defused XML is not used here because it messes up XML namespaces
     # Data is trusted, so lxml is ok
     root = etree.fromstring(data)  # nosec
@@ -32,7 +25,7 @@ def sign_with_signxml(data: str, provider: "SAMLProvider", reference_uri=None) -
     )
     signed = signer.sign(
         root,
-        key=key,
+        key=provider.signing_kp.private_key,
         cert=[provider.signing_kp.certificate_data],
         reference_uri=reference_uri,
     )