providers/saml: big cleanup, simplify base processor

add New fields for - assertion_valid_not_before - assertion_valid_not_on_or_after - session_valid_not_on_or_after allow flexible time durations for these fields fall back to Provider's ACS if none is specified in AuthNRequest
2020-02-14 15:19:48 +01:00
parent 2be026dd44
commit e36d7928e4
19 changed files with 495 additions and 392 deletions
--- a/passbook/providers/saml/utils/cert.py
+++ b/passbook/providers/saml/utils/cert.py
@ -0,0 +1,84 @@
+"""Create self-signed certificates"""
+import datetime
+import uuid
+
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.x509.oid import NameOID
+
+
+class CertificateBuilder:
+    """Build self-signed certificates"""
+
+    __public_key = None
+    __private_key = None
+    __builder = None
+    __certificate = None
+
+    def __init__(self):
+        self.__public_key = None
+        self.__private_key = None
+        self.__builder = None
+        self.__certificate = None
+
+    def build(self):
+        """Build self-signed certificate"""
+        one_day = datetime.timedelta(1, 0, 0)
+        self.__private_key = rsa.generate_private_key(
+            public_exponent=65537, key_size=2048, backend=default_backend()
+        )
+        self.__public_key = self.__private_key.public_key()
+        self.__builder = (
+            x509.CertificateBuilder()
+            .subject_name(
+                x509.Name(
+                    [
+                        x509.NameAttribute(
+                            NameOID.COMMON_NAME,
+                            u"passbook Self-signed SAML Certificate",
+                        ),
+                        x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"passbook"),
+                        x509.NameAttribute(
+                            NameOID.ORGANIZATIONAL_UNIT_NAME, u"Self-signed"
+                        ),
+                    ]
+                )
+            )
+            .issuer_name(
+                x509.Name(
+                    [
+                        x509.NameAttribute(
+                            NameOID.COMMON_NAME,
+                            u"passbook Self-signed SAML Certificate",
+                        ),
+                    ]
+                )
+            )
+            .not_valid_before(datetime.datetime.today() - one_day)
+            .not_valid_after(datetime.datetime.today() + datetime.timedelta(days=365))
+            .serial_number(int(uuid.uuid4()))
+            .public_key(self.__public_key)
+        )
+        self.__certificate = self.__builder.sign(
+            private_key=self.__private_key,
+            algorithm=hashes.SHA256(),
+            backend=default_backend(),
+        )
+
+    @property
+    def private_key(self):
+        """Return private key in PEM format"""
+        return self.__private_key.private_bytes(
+            encoding=serialization.Encoding.PEM,
+            format=serialization.PrivateFormat.TraditionalOpenSSL,
+            encryption_algorithm=serialization.NoEncryption(),
+        ).decode("utf-8")
+
+    @property
+    def certificate(self):
+        """Return certificate in PEM format"""
+        return self.__certificate.public_bytes(
+            encoding=serialization.Encoding.PEM,
+        ).decode("utf-8")