Usage of a cryptographically suitable RNG. Proposed by Seth Arnold.

This commit is contained in:
Roland Hedberg
2015-02-28 07:26:23 +01:00
parent 7b025c619f
commit 6828283977
3 changed files with 21 additions and 28 deletions


@@ -51,8 +51,8 @@ if sys.version_info < (2, 7):
setup( setup(
name='pysaml2', name='pysaml2',
version='2.3.0', version='2.4.0beta',
description='Python implementation of SAML Version 2 to be used in a WSGI environment', description='Python implementation of SAML Version 2',
# long_description = read("README"), # long_description = read("README"),
author='Roland Hedberg', author='Roland Hedberg',
author_email='roland.hedberg@adm.umu.se', author_email='roland.hedberg@adm.umu.se',


@@ -7,6 +7,7 @@ import time
import base64 import base64
import sys import sys
import hmac import hmac
import string
# from python 2.5 # from python 2.5
import imp import imp
@@ -154,31 +155,28 @@ def deflate_and_base64_encode(string_val):
return base64.b64encode(zlib.compress(string_val)[2:-4]) return base64.b64encode(zlib.compress(string_val)[2:-4])
def rndstr(size=16): def rndstr(size=16, alphabet=""):
""" """
Returns a string of random ascii characters or digits Returns a string of random ascii characters or digits
:param size: The length of the string :param size: The length of the string
:return: string :return: string
""" """
_basech = string.ascii_letters + string.digits rng = random.SystemRandom()
return "".join([random.choice(_basech) for _ in range(size)]) if not alphabet:
alphabet = string.letters[0:52] + string.digits
return str().join(rng.choice(alphabet) for _ in range(size))
def sid(seed=""): def sid():
"""The hash of the server time + seed makes an unique SID for each session. """creates an unique SID for each session.
128-bits long so it fulfills the SAML2 requirements which states 160-bits long so it fulfills the SAML2 requirements which states
128-160 bits 128-160 bits
:param seed: A seed string :return: A random string prefix with 'id-' to make it
:return: The hex version of the digest, prefixed by 'id-' to make it
compliant with the NCName specification compliant with the NCName specification
""" """
ident = md5() return "id-" + rndstr(17)
ident.update(repr(time.time()))
if seed:
ident.update(seed)
return "id-" + ident.hexdigest()
def parse_attribute_map(filenames): def parse_attribute_map(filenames):
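Review bot: sid() now returns rndstr(17) drawn from a 62-symbol alphabet, which is roughly 17 × log2(62) ≈ 101 bits of randomness, short of the 128–160 bits the new docstring itself claims ("160-bits long so it fulfills the SAML2 requirements"); `return "id-" + rndstr(27)` yields about 160 bits, and 22 characters is the minimum that reaches 128. In rndstr the default alphabet is built as `string.letters[0:52] + string.digits`, but `string.letters` is locale-dependent on Python 2 and does not exist on Python 3, so the `string.ascii_letters + string.digits` the removed line used should be restored: `alphabet = string.ascii_letters + string.digits`. The new `alphabet` parameter is also undocumented; add `:param alphabet: Characters to draw from, defaults to ASCII letters and digits` to rndstr's docstring. The first hunk of this file only adds `import string` and needs nothing further.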


@@ -33,7 +33,7 @@ from saml2 import saml
from saml2 import ExtensionElement from saml2 import ExtensionElement
from saml2 import VERSION from saml2 import VERSION
from saml2.s_utils import sid from saml2.s_utils import sid, rndstr
from saml2.s_utils import Unsupported from saml2.s_utils import Unsupported
from saml2.time_util import instant from saml2.time_util import instant
@@ -322,18 +322,13 @@ def signed_instance_factory(instance, seccont, elements_to_sign=None):
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# def create_id():
# """ Create a string of 40 random characters from the set [a-p],
def create_id(): # can be used as a unique identifier of objects.
""" Create a string of 40 random characters from the set [a-p], #
can be used as a unique identifier of objects. # :return: The string of random characters
# """
:return: The string of random characters # return rndstr(40, "abcdefghijklmonp")
"""
ret = ""
for _ in range(40):
ret += chr(random.randint(0, 15) + ord('a'))
return ret
def make_temp(string, suffix="", decode=True, delete=True): def make_temp(string, suffix="", decode=True, delete=True):
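Review bot: create_id is left behind as a commented-out block rather than removed, while the import hunk above adds `rndstr` that nothing visible in this section uses, so the file now carries dead text and what looks like an unused import. If create_id has no remaining callers, delete the commented lines and drop `rndstr` from the import; if it does, keep it live as `def create_id(): return rndstr(40, "abcdefghijklmnop")` (the set written in the comment, "abcdefghijklmonp", is the same 16 letters out of order, which reads as a typo). Any caller of create_id elsewhere in this file would now fail with a NameError, but that is outside the lines shown here.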