Added configuration so the test idp can change sign and digest algorithm.

If SIGN_ALG = None DIGEST_ALG = None in service_conf sha1 will be used.
2015-11-06 12:41:30 +01:00
parent 1d1b7b2624
commit 8c901a8f84
2 changed files with 19 additions and 0 deletions
--- a/example/idp2/idp.py
+++ b/example/idp2/idp.py
@@ -51,6 +51,7 @@ from saml2.sigver import encrypt_cert_from_item
 from idp_user import USERS
 from idp_user import EXTRA
 from mako.lookup import TemplateLookup
+import saml2.xmldsig as ds

 logger = logging.getLogger("saml2.idp")
 logger.setLevel(logging.WARNING)
@@ -1067,6 +1068,18 @@ if __name__ == '__main__':
    HOST = CONFIG.HOST
    PORT = CONFIG.PORT

+    sign_alg = None
+    digest_alg = None
+    try:
+        sign_alg = CONFIG.SIGN_ALG
+    except:
+        pass
+    try:
+        digest_alg = CONFIG.DIGEST_ALG
+    except:
+        pass
+    ds.DefaultSignature(sign_alg, digest_alg)
+
    SRV = wsgiserver.CherryPyWSGIServer((HOST, PORT), application)

    _https = ""
--- a/example/idp2/idp_conf.py.example
+++ b/example/idp2/idp_conf.py.example
@@ -8,6 +8,7 @@ from saml2.saml import NAME_FORMAT_URI
 from saml2.saml import NAMEID_FORMAT_TRANSIENT
 from saml2.saml import NAMEID_FORMAT_PERSISTENT
 import os.path
+import saml2.xmldsig as ds

 try:
    from saml2.sigver import get_xmlsec_binary
@@ -39,6 +40,11 @@ else:
 SERVER_CERT = "pki/mycert.pem"
 SERVER_KEY = "pki/mykey.pem"
 CERT_CHAIN = ""
+SIGN_ALG = None
+DIGEST_ALG = None
+#SIGN_ALG = ds.SIG_RSA_SHA512
+#DIGEST_ALG = ds.DIGEST_SHA512
+

 CONFIG = {
    "entityid": "%s/idp.xml" % BASE,