Allow signature verification even on local files.

2014-06-18 13:21:43 +02:00
parent 2ee73258f9
commit 041aa27dcd
3 changed files with 14 additions and 6 deletions
--- a/src/saml2/mdstore.py
+++ b/src/saml2/mdstore.py
@@ -107,12 +107,12 @@ def repack_cert(cert):

 class MetaData(object):
    def __init__(self, onts, attrc, metadata="", node_name=None,
-                 check_validity=True, **kwargs):
+                 check_validity=True, security=None, **kwargs):
        self.onts = onts
        self.attrc = attrc
        self.entity = {}
        self.metadata = metadata
-        self.security = None
+        self.security = security
        self.node_name = node_name
        self.entities_descr = None
        self.entity_descr = None
@@ -412,11 +412,13 @@ class MetaDataLoader(MetaDataFile):
    Handles Metadata file loaded by a passed in function.
    The format of the file is the SAML Metadata format.
    """
-    def __init__(self, onts, attrc, loader_callable, cert=None, **kwargs):
+    def __init__(self, onts, attrc, loader_callable, cert=None,
+                 security=None, **kwargs):
        MetaData.__init__(self, onts, attrc, **kwargs)
        self.metadata_provider_callable = self.get_metadata_loader(
            loader_callable)
        self.cert = cert
+        self.security = security

    @staticmethod
    def get_metadata_loader(func):
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -1119,11 +1119,11 @@ class CertHandler(object):
            self._verify_cert = verify_cert is True
            self._security_context = security_context
            self._osw = OpenSSLWrapper()
-            if key_file is not None and os.path.isfile(key_file):
+            if key_file and os.path.isfile(key_file):
                self._key_str = self._osw.read_str_from_file(key_file, key_type)
            else:
                self._key_str = ""
-            if cert_file is not None:
+            if cert_file and os.path.isfile(key_file):
                self._cert_str = self._osw.read_str_from_file(cert_file,
                                                              cert_type)
            else:
--- a/tools/verify_metadata.py
+++ b/tools/verify_metadata.py
@@ -61,7 +61,13 @@ else:
    kwargs = {}

 if args.type == "local":
-    metad = MetaDataFile(ONTS.values(), args.item, args.item, **kwargs)
+    if args.cert and args.xmlsec:
+        crypto = _get_xmlsec_cryptobackend(args.xmlsec)
+        sc = SecurityContext(crypto)
+        metad = MetaDataFile(ONTS.values(), args.item, args.item,
+                             cert=args.cert, security=sc, **kwargs)
+    else:
+        metad = MetaDataFile(ONTS.values(), args.item, args.item, **kwargs)
 elif args.type == "external":
    ATTRCONV = ac_factory(args.attrsmap)
    httpc = HTTPBase()