*/saml: fully migrate to xmlsec, remove signxml dependency

2020-11-12 22:31:50 +01:00
parent 085247e2dc
commit e5e4824920
21 changed files with 520 additions and 136 deletions
--- a/passbook/providers/saml/models.py
+++ b/passbook/providers/saml/models.py
@ -13,6 +13,17 @@ from passbook.core.models import PropertyMapping, Provider
 from passbook.crypto.models import CertificateKeyPair
 from passbook.lib.utils.template import render_to_string
 from passbook.lib.utils.time import timedelta_string_validator
+from passbook.sources.saml.processors.constants import (
+    DSA_SHA1,
+    RSA_SHA1,
+    RSA_SHA256,
+    RSA_SHA384,
+    RSA_SHA512,
+    SHA1,
+    SHA256,
+    SHA384,
+    SHA512,
+)

 LOGGER = get_logger()

@ -80,20 +91,23 @@ class SAMLProvider(Provider):
    digest_algorithm = models.CharField(
        max_length=50,
        choices=(
-            ("sha1", _("SHA1")),
-            ("sha256", _("SHA256")),
+            (SHA1, _("SHA1")),
+            (SHA256, _("SHA256")),
+            (SHA384, _("SHA384")),
+            (SHA512, _("SHA512")),
        ),
-        default="sha256",
+        default=SHA256,
    )
    signature_algorithm = models.CharField(
        max_length=50,
        choices=(
-            ("rsa-sha1", _("RSA-SHA1")),
-            ("rsa-sha256", _("RSA-SHA256")),
-            ("ecdsa-sha256", _("ECDSA-SHA256")),
-            ("dsa-sha1", _("DSA-SHA1")),
+            (RSA_SHA1, _("RSA-SHA1")),
+            (RSA_SHA256, _("RSA-SHA256")),
+            (RSA_SHA384, _("RSA-SHA384")),
+            (RSA_SHA512, _("RSA-SHA512")),
+            (DSA_SHA1, _("DSA-SHA1")),
        ),
-        default="rsa-sha256",
+        default=RSA_SHA256,
    )

    verification_kp = models.ForeignKey(