openstack/deb-python-pysaml2
Code Issues Proposed changes

Merge pull request #204 from HaToHo/master

Browse Source 
PEFIM fixes
This commit is contained in:
Roland Hedberg
2015-04-21 16:50:54 -07:00
parent d38e94715b 453061ca45
commit da91d0885f
3 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
example/idp2/idp.py
View File

@@ -335,6 +335,8 @@ class SSO(Service):
_resp = IDP.create_authn_response( _resp = IDP.create_authn_response(
identity, userid=self.user, identity, userid=self.user,
encrypt_cert=encrypt_cert, encrypt_cert=encrypt_cert,
encrypt_assertion_self_contained=True,
encrypted_advice_attributes=True,
**resp_args) **resp_args)
except Exception as excp: except Exception as excp:
logging.error(exception_trace(excp)) logging.error(exception_trace(excp))
@@ -399,9 +401,9 @@ class SSO(Service):
return resp(self.environ, self.start_response) return resp(self.environ, self.start_response)
if self.user: if self.user:
saml_msg["req_info"] = self.req_info
if _req.force_authn is not None and \ if _req.force_authn is not None and \
_req.force_authn.lower() == 'true': _req.force_authn.lower() == 'true':
saml_msg["req_info"] = self.req_info
key = self._store_request(saml_msg) key = self._store_request(saml_msg)
return self.not_authn(key, _req.requested_authn_context) return self.not_authn(key, _req.requested_authn_context)
else: else:
@@ -1013,6 +1015,7 @@ def application(environ, start_response):
if isinstance(callback, tuple): if isinstance(callback, tuple):
cls = callback[0](environ, start_response, user) cls = callback[0](environ, start_response, user)
func = getattr(cls, callback[1]) func = getattr(cls, callback[1])
return func() return func()
return callback(environ, start_response, user) return callback(environ, start_response, user)

4
src/saml2/aes.py
View File

@@ -87,7 +87,7 @@ class AESCipher(object):
return cmsg return cmsg
def decrypt(self, msg, iv=None, padding="PKCS#7", b64dec=True): def decrypt(self, msg, iv=None, alg="aes_128_cbc", padding="PKCS#7", b64dec=True):
""" """
:param key: The encryption key :param key: The encryption key
:param iv: init vector :param iv: init vector
@@ -102,7 +102,7 @@ class AESCipher(object):
_iv = data[:AES.block_size] _iv = data[:AES.block_size]
if iv: if iv:
assert iv == _iv assert iv == _iv
cipher, iv = self.build_cipher(iv) cipher, iv = self.build_cipher(iv, alg=alg)
res = cipher.decrypt(data)[AES.block_size:] res = cipher.decrypt(data)[AES.block_size:]
if padding in ["PKCS#5", "PKCS#7"]: if padding in ["PKCS#5", "PKCS#7"]:
res = res[:-ord(res[-1])] res = res[:-ord(res[-1])]

1
src/saml2/sigver.py
View File

@@ -1820,6 +1820,7 @@ def pre_encrypt_assertion(response):
assertion = response.assertion assertion = response.assertion
response.assertion = None response.assertion = None
response.encrypted_assertion = EncryptedAssertion() response.encrypted_assertion = EncryptedAssertion()
if assertion is not None:
if isinstance(assertion, list): if isinstance(assertion, list):
response.encrypted_assertion.add_extension_elements(assertion) response.encrypted_assertion.add_extension_elements(assertion)
else: else: