habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e36d7928e47a5d499547adf05b252c5c7b58236b
authentik/passbook/providers/saml/utils/xml_signing.py
Jens Langhammer e36d7928e4 providers/saml: big cleanup, simplify base processor 
add New fields for
 - assertion_valid_not_before
 - assertion_valid_not_on_or_after
 - session_valid_not_on_or_after
allow flexible time durations for these fields
fall back to Provider's ACS if none is specified in AuthNRequest
2020-02-14 15:19:48 +01:00

32 lines
1.1 KiB
Python
Raw Blame History

"""Signing code goes here."""
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from lxml import etree # nosec
from signxml import XMLSigner, XMLVerifier
from structlog import get_logger
from passbook.lib.utils.template import render_to_string
LOGGER = get_logger()
def sign_with_signxml(private_key, data, cert, reference_uri=None):
"""Sign Data with signxml"""
key = serialization.load_pem_private_key(
str.encode("\n".join([x.strip() for x in private_key.split("\n")])),
password=None,
backend=default_backend(),
)
# defused XML is not used here because it messes up XML namespaces
# Data is trusted, so lxml is ok
root = etree.fromstring(data) # nosec
signer = XMLSigner(c14n_algorithm="http://www.w3.org/2001/10/xml-exc-c14n#")
signed = signer.sign(root, key=key, cert=[cert], reference_uri=reference_uri)
XMLVerifier().verify(signed, x509_cert=cert)
return etree.tostring(signed).decode("utf-8") # nosec
def get_signature_xml():
"""Returns XML Signature for subject."""
return render_to_string("saml/xml/signature.xml", {})
Reference in New Issue View Git Blame Copy Permalink