Added encryption support for multiple assertions and for advice elements containing multiple assertions.

Hans Hörberg
2015-05-19 13:25:45 +02:00
parent 1d031a499c
commit eb1f1778db
2 changed files with 38 additions and 29 deletions


@@ -1,5 +1,6 @@
import base64 import base64
#from binascii import hexlify #from binascii import hexlify
import copy
import logging import logging
from hashlib import sha1 from hashlib import sha1
from Crypto.PublicKey import RSA from Crypto.PublicKey import RSA
@@ -578,41 +579,45 @@ class Entity(HTTPBase):
cbxs = CryptoBackendXmlSec1(self.config.xmlsec_binary) cbxs = CryptoBackendXmlSec1(self.config.xmlsec_binary)
encrypt_advice = False encrypt_advice = False
if encrypted_advice_attributes and response.assertion.advice is not None \ if encrypted_advice_attributes and response.assertion.advice is not None \
and len(response.assertion.advice.assertion) == 1: and len(response.assertion.advice.assertion) > 0:
to_sign_advice = [] _assertions = response.assertion
if sign_assertion is not None and sign_assertion: if not isinstance(_assertions, list):
if response.assertion.advice and response.assertion.advice.assertion: _assertions = [_assertions]
for tmp_assertion in response.assertion.advice.assertion: for _assertion in _assertions:
_assertion.advice.encrypted_assertion = []
_assertion.advice.encrypted_assertion.append(EncryptedAssertion())
_advice_assertions = copy.deepcopy(_assertion.advice.assertion)
_assertion.advice.assertion = []
if not isinstance(_advice_assertions, list):
_advice_assertions = [_advice_assertions]
for tmp_assertion in _advice_assertions:
to_sign_advice = []
if sign_assertion is not None and sign_assertion:
tmp_assertion.signature = pre_signature_part(tmp_assertion.id, self.sec.my_cert, 1) tmp_assertion.signature = pre_signature_part(tmp_assertion.id, self.sec.my_cert, 1)
to_sign_advice.append((class_name(tmp_assertion), tmp_assertion.id)) to_sign_advice.append((class_name(tmp_assertion), tmp_assertion.id))
tmp_assertion = response.assertion.advice.assertion[0] #tmp_assertion = response.assertion.advice.assertion[0]
response.assertion.advice.encrypted_assertion = [] _assertion.advice.encrypted_assertion[0].add_extension_element(tmp_assertion)
response.assertion.advice.encrypted_assertion.append(EncryptedAssertion())
if isinstance(tmp_assertion, list): if encrypt_assertion_self_contained:
response.assertion.advice.encrypted_assertion[0].add_extension_elements(tmp_assertion) advice_tag = response.assertion.advice._to_element_tree().tag
else: assertion_tag = tmp_assertion._to_element_tree().tag
response.assertion.advice.encrypted_assertion[0].add_extension_element(tmp_assertion) response = \
response.assertion.advice.assertion = [] response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion(
if encrypt_assertion_self_contained: assertion_tag, advice_tag)
advice_tag = response.assertion.advice._to_element_tree().tag node_xpath = ''.join(["/*[local-name()=\"%s\"]" % v for v in
assertion_tag = tmp_assertion._to_element_tree().tag ["Response", "Assertion", "Advice", "EncryptedAssertion", "Assertion"]])
response = response.\
get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion(assertion_tag, if to_sign_advice:
advice_tag) response = signed_instance_factory(response, self.sec, to_sign_advice)
node_xpath = ''.join(["/*[local-name()=\"%s\"]" % v for v in response = self._encrypt_assertion(encrypt_cert_advice, sp_entity_id, response, node_xpath=node_xpath)
["Response", "Assertion", "Advice", "EncryptedAssertion", "Assertion"]]) response = response_from_string(response)
if to_sign_advice:
response = signed_instance_factory(response, self.sec, to_sign_advice)
response = self._encrypt_assertion(encrypt_cert_advice, sp_entity_id, response, node_xpath=node_xpath)
if encrypt_assertion:
response = response_from_string(response)
if encrypt_assertion: if encrypt_assertion:
to_sign_assertion = [] to_sign_assertion = []
if sign_assertion is not None and sign_assertion: if sign_assertion is not None and sign_assertion:
_assertions = response.assertion _assertions = response.assertion
if not isinstance(response.assertion, list): if not isinstance(_assertions, list):
_assertions = [response.assertion] _assertions = [_assertions]
for _assertion in _assertions: for _assertion in _assertions:
_assertion.signature = pre_signature_part(_assertion.id, self.sec.my_cert, 1) _assertion.signature = pre_signature_part(_assertion.id, self.sec.my_cert, 1)
to_sign_assertion.append((class_name(_assertion), _assertion.id)) to_sign_assertion.append((class_name(_assertion), _assertion.id))
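Review bot: With more than one advice assertion, the second pass of the `for tmp_assertion in _advice_assertions` loop mutates a tree that is no longer the one being serialized: `_assertions` is bound to `response.assertion` before the loop, but each pass rebinds `response` through `get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion`, `_encrypt_assertion` and (as far as the lost indentation lets one tell) `response_from_string`, so `_assertion.advice.encrypted_assertion[0].add_extension_element(tmp_assertion)` on later passes lands in a detached object and those assertions appear to be silently dropped from the output. The guard at the top also still reads `response.assertion.advice` and `len(response.assertion.advice.assertion)` before the `isinstance(_assertions, list)` normalization, so a list-valued `response.assertion` (the case the new loop targets) raises AttributeError there instead of entering the loop, and an element whose `advice` is None is never filtered. I would attach and sign every advice assertion first and run the serialize/sign/encrypt/parse sequence once after the loops, as sketched below; whether `_encrypt_assertion` accepts a node_xpath that matches several `Assertion` nodes needs confirming, since `/*[local-name()="Assertion"]` is not restricted to one element. The enclosing method starts before this hunk.
```python
for _assertion in _assertions:
    if _assertion.advice is None or not _assertion.advice.assertion:
        continue  # nothing to encrypt for this assertion
    _assertion.advice.encrypted_assertion = [EncryptedAssertion()]
    _advice_assertions = copy.deepcopy(_assertion.advice.assertion)
    _assertion.advice.assertion = []
    if not isinstance(_advice_assertions, list):
        _advice_assertions = [_advice_assertions]
    for tmp_assertion in _advice_assertions:
        if sign_assertion is not None and sign_assertion:
            tmp_assertion.signature = pre_signature_part(tmp_assertion.id, self.sec.my_cert, 1)
            to_sign_advice.append((class_name(tmp_assertion), tmp_assertion.id))
        _assertion.advice.encrypted_assertion[0].add_extension_element(tmp_assertion)
# serialize, sign and encrypt once, after every advice assertion is attached
# … unchanged: self-contained serialization, node_xpath, signed_instance_factory, _encrypt_assertion, response_from_string …
```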


@@ -738,6 +738,8 @@ class TestServer1():
encrypt_cert_advice=cert_str_advice, encrypt_cert_advice=cert_str_advice,
) )
_resp = "%s" % _resp
sresponse = response_from_string(_resp) sresponse = response_from_string(_resp)
assert sresponse.signature is None assert sresponse.signature is None
@@ -859,6 +861,8 @@ class TestServer1():
encrypted_advice_attributes=True, encrypted_advice_attributes=True,
) )
_resp = "%s" % _resp
sresponse = response_from_string(_resp) sresponse = response_from_string(_resp)
assert sresponse.signature is None assert sresponse.signature is None
@@ -1072,4 +1076,4 @@ class TestServerLogout():
if __name__ == "__main__": if __name__ == "__main__":
ts = TestServer1() ts = TestServer1()
ts.setup_class() ts.setup_class()
ts.test_encrypted_signed_response_4() ts.test_encrypted_response_1()
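Review bot: Neither test hunk in this file exercises the multi-assertion path the commit adds; as far as the visible lines show, both still build a response with a single advice assertion and only add `_resp = "%s" % _resp` before `response_from_string`. That coercion suggests the response builder now returns a parsed object rather than XML text when advice is encrypted, so the return type depends on which flags are set; if that is intended, `_resp = str(_resp)` says it more directly, with a comment such as `# builder returns a parsed Response here; stringify before re-parsing`. A case with two advice assertions, checking that both are present and recoverable after decryption, would cover the new code. The `__main__` switch from `test_encrypted_signed_response_4` to `test_encrypted_response_1` reads like a leftover local debugging change.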