add signing RSA key to config

src/sso_server/sso_server/saml/flask_views.py

@@ -19,8 +19,18 @@ sso_cookie_name = 'SSO_SAML'
 def init_app(app):
     app.register_blueprint(saml_app, url_prefix='/saml/')
 
+    # Stick a 'saml_config' object in the main app, so that
+    # xml_signing can find it via current_app.
+    app.saml_certificate = xml_signing.load_certificate(saml_config['CERTIFICATE_FILE'])
+    app.saml_private_key = xml_signing.load_private_key(saml_config['PRIVATE_KEY_FILE'])
+
+    saml_config = app.config['SAML']
+    saml_app.config = saml_config
     saml_app.login_server = app.config['SSO_LOGIN_SERVER']
     saml_app.sso_service = saml_app.login_server + 'saml/'
+    url_base = 'https://' + saml_app.sso_service
+    saml_app.sso_url = url_base + 'login'
+    saml_app.slo_url = url_base + 'logout'
     with open(app.config['SSO_PUBLIC_KEY']) as fd:
         public_key = fd.read()
     saml_app.sso_verifier = sso.Verifier(
@@ -108,9 +118,9 @@ def descriptor():
     idp_config = current_app.config['SAML2IDP_CONFIG']
     tv = {
         'entity_id': idp_config['issuer'],
-        'slo_url': current_app.config['SAML_SLO_URL'],
-        'sso_url': current_app.config['SAML_LOGIN_URL'],
-        'pubkey': xml_signing.load_certificate(idp_config),
+        'slo_url': saml_app.slo_url,
+        'sso_url': saml_app.sso_url,
+        'pubkey': current_app.saml_certificate,
         }
     resp = make_response(render_template('saml/idpssodescriptor.xml', tv))
     resp.headers['Content-Type'] = 'application/xml'

src/sso_server/sso_server/saml/xml_signing.py

@@ -16,30 +16,19 @@ from .logging import get_saml_logger
 logger = get_saml_logger()
 
 
-def load_certificate(config):
-    if 'certificate_data' in config:
-        return config.get('certificate_data', '')
-
-    certificate_filename = config.get('certificate_file')
-    logger.info('Using certificate file: ' + certificate_filename)
-
-    certificate = M2Crypto.X509.load_cert(certificate_filename)
+def load_certificate(filename):
+    logger.info('Using certificate file: {}'.format(filename))
+    certificate = M2Crypto.X509.load_cert(filename)
     return ''.join(certificate.as_pem().split('\n')[1:-2])
 
 
-def load_private_key(config):
-    private_key_data = config.get('private_key_data')
-
-    if private_key_data:
-        return M2Crypto.EVP.load_key_string(private_key_data)
-
-    private_key_file = config.get('private_key_file')
-    logger.info('Using private key file: {}'.format(private_key_file))
+def load_private_key(filename):
+    logger.info('Using private key file: {}'.format(filename))
 
     # The filename need to be encoded because it is using a C extension under
     # the hood which means it expects a 'const char*' type and will fail with
     # unencoded unicode string.
-    return M2Crypto.EVP.load_key(private_key_file.encode('utf-8'))
+    return M2Crypto.EVP.load_key(filename.encode('utf-8'))
 
 
 def sign_with_rsa(private_key, data):
@@ -53,10 +42,9 @@ def get_signature_xml(subject, reference_uri):
     Returns XML Signature for subject.
     """
     logger.debug('get_signature_xml - Begin.')
-    config = current_app.config['SAML2IDP_CONFIG']
-
-    private_key = load_private_key(config)
-    certificate = load_certificate(config)
+    #config = current_app.saml_config
+    private_key = current_app.saml_private_key
+    certificate = current_app.saml_certificate
 
     logger.debug('Subject: ' + subject)