crypto: fix "Could not deserialize key data." with empty private key

2020-11-08 22:27:28 +01:00 · 2020-11-08 22:27:28 +01:00 · a202679bfb
parent 1edcda58ba
commit a202679bfb
4 changed files with 31 additions and 1 deletions
--- a/passbook/crypto/models.py
+++ b/passbook/crypto/models.py
@ -54,7 +54,7 @@ class CertificateKeyPair(CreatedUpdatedModel):
    @property
    def private_key(self) -> Optional[RSAPrivateKey]:
        """Get python cryptography PrivateKey instance"""
-        if not self._private_key:
+        if not self._private_key and self._private_key != "":
            self._private_key = load_pem_private_key(
                str.encode("\n".join([x.strip() for x in self.key_data.split("\n")])),
                password=None,
--- a/passbook/providers/saml/forms.py
+++ b/passbook/providers/saml/forms.py
@ -7,6 +7,7 @@ from django.utils.translation import gettext as _

 from passbook.admin.fields import CodeMirrorWidget
 from passbook.core.expression import PropertyMappingEvaluator
+from passbook.crypto.models import CertificateKeyPair
 from passbook.flows.models import Flow, FlowDesignation
 from passbook.providers.saml.models import SAMLPropertyMapping, SAMLProvider

@ -20,6 +21,9 @@ class SAMLProviderForm(forms.ModelForm):
            designation=FlowDesignation.AUTHORIZATION
        )
        self.fields["property_mappings"].queryset = SAMLPropertyMapping.objects.all()
+        self.fields["signing_kp"].queryset = CertificateKeyPair.objects.exclude(
+            key_data__iexact=""
+        )

    class Meta:

--- a/passbook/providers/saml/tests/test_auth_n_request.py
+++ b/passbook/providers/saml/tests/test_auth_n_request.py
@ -34,6 +34,7 @@ class TestAuthNRequest(TestCase):
            ),
            acs_url="http://testserver/source/saml/provider/acs/",
            signing_kp=CertificateKeyPair.objects.first(),
+            verification_kp=CertificateKeyPair.objects.first(),
        )
        self.source = SAMLSource.objects.create(
            slug="provider",
--- a/swagger.yaml
+++ b/swagger.yaml
@ -1100,6 +1100,25 @@ paths:
        required: true
        type: string
        format: uuid
+  /flows/instances/{flow_uuid}/cache_count/:
+    get:
+      operationId: flows_instances_cache_count
+      description: Get count of cached flows
+      parameters: []
+      responses:
+        '200':
+          description: ''
+          schema:
+            $ref: '#/definitions/Flow'
+      tags:
+        - flows
+    parameters:
+      - name: flow_uuid
+        in: path
+        description: A UUID string identifying this Flow.
+        required: true
+        type: string
+        format: uuid
  /outposts/outposts/:
    get:
      operationId: outposts_outposts_list
@ -7506,6 +7525,12 @@ definitions:
        description: Require Requests to be signed by an X509 Certificate. Must match
          the Certificate selected in `Singing Keypair`.
        type: boolean
+      verification_kp:
+        title: Verification Keypair
+        description: If selected, incoming assertion's Signatures will be validated.
+        type: string
+        format: uuid
+        x-nullable: true
  Message:
    description: Serialize Django Message into DRF Object
    type: object