Commit 4ae23e57 authored by ale's avatar ale

add signing RSA key to config

parent de37aca9
...@@ -19,8 +19,18 @@ sso_cookie_name = 'SSO_SAML' ...@@ -19,8 +19,18 @@ sso_cookie_name = 'SSO_SAML'
def init_app(app): def init_app(app):
app.register_blueprint(saml_app, url_prefix='/saml/') app.register_blueprint(saml_app, url_prefix='/saml/')
# Stick a 'saml_config' object in the main app, so that
# xml_signing can find it via current_app.
app.saml_certificate = xml_signing.load_certificate(saml_config['CERTIFICATE_FILE'])
app.saml_private_key = xml_signing.load_private_key(saml_config['PRIVATE_KEY_FILE'])
saml_config = app.config['SAML']
saml_app.config = saml_config
saml_app.login_server = app.config['SSO_LOGIN_SERVER'] saml_app.login_server = app.config['SSO_LOGIN_SERVER']
saml_app.sso_service = saml_app.login_server + 'saml/' saml_app.sso_service = saml_app.login_server + 'saml/'
url_base = 'https://' + saml_app.sso_service
saml_app.sso_url = url_base + 'login'
saml_app.slo_url = url_base + 'logout'
with open(app.config['SSO_PUBLIC_KEY']) as fd: with open(app.config['SSO_PUBLIC_KEY']) as fd:
public_key = fd.read() public_key = fd.read()
saml_app.sso_verifier = sso.Verifier( saml_app.sso_verifier = sso.Verifier(
...@@ -108,9 +118,9 @@ def descriptor(): ...@@ -108,9 +118,9 @@ def descriptor():
idp_config = current_app.config['SAML2IDP_CONFIG'] idp_config = current_app.config['SAML2IDP_CONFIG']
tv = { tv = {
'entity_id': idp_config['issuer'], 'entity_id': idp_config['issuer'],
'slo_url': current_app.config['SAML_SLO_URL'], 'slo_url': saml_app.slo_url,
'sso_url': current_app.config['SAML_LOGIN_URL'], 'sso_url': saml_app.sso_url,
'pubkey': xml_signing.load_certificate(idp_config), 'pubkey': current_app.saml_certificate,
} }
resp = make_response(render_template('saml/idpssodescriptor.xml', tv)) resp = make_response(render_template('saml/idpssodescriptor.xml', tv))
resp.headers['Content-Type'] = 'application/xml' resp.headers['Content-Type'] = 'application/xml'
......
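Review bot: In init_app, `saml_config['CERTIFICATE_FILE']` and `saml_config['PRIVATE_KEY_FILE']` are read two lines before `saml_config = app.config['SAML']` is assigned; because that later assignment makes `saml_config` local to the function, the earlier reads raise UnboundLocalError at startup if all of these lines are on the new side, as the rendering suggests (the page shows no +/- markers, so this is inferred). Moving the assignment above the two loads fixes it: `saml_config = app.config['SAML']`, then `app.saml_certificate = xml_signing.load_certificate(saml_config['CERTIFICATE_FILE'])` and `app.saml_private_key = xml_signing.load_private_key(saml_config['PRIVATE_KEY_FILE'])`. The comment above them says a `'saml_config'` object is stuck on the app, but what is stored is the loaded certificate and private key, so it should read `# Load the signing certificate and private key once and keep them on the app, so that xml_signing can reach them via current_app.` init_app continues past the end of the hunk.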
...@@ -16,30 +16,19 @@ from .logging import get_saml_logger ...@@ -16,30 +16,19 @@ from .logging import get_saml_logger
logger = get_saml_logger() logger = get_saml_logger()
def load_certificate(config): def load_certificate(filename):
if 'certificate_data' in config: logger.info('Using certificate file: {}'.format(filename))
return config.get('certificate_data', '') certificate = M2Crypto.X509.load_cert(filename)
certificate_filename = config.get('certificate_file')
logger.info('Using certificate file: ' + certificate_filename)
certificate = M2Crypto.X509.load_cert(certificate_filename)
return ''.join(certificate.as_pem().split('\n')[1:-2]) return ''.join(certificate.as_pem().split('\n')[1:-2])
def load_private_key(config): def load_private_key(filename):
private_key_data = config.get('private_key_data') logger.info('Using private key file: {}'.format(filename))
if private_key_data:
return M2Crypto.EVP.load_key_string(private_key_data)
private_key_file = config.get('private_key_file')
logger.info('Using private key file: {}'.format(private_key_file))
# The filename need to be encoded because it is using a C extension under # The filename need to be encoded because it is using a C extension under
# the hood which means it expects a 'const char*' type and will fail with # the hood which means it expects a 'const char*' type and will fail with
# unencoded unicode string. # unencoded unicode string.
return M2Crypto.EVP.load_key(private_key_file.encode('utf-8')) return M2Crypto.EVP.load_key(filename.encode('utf-8'))
def sign_with_rsa(private_key, data): def sign_with_rsa(private_key, data):
...@@ -53,10 +42,9 @@ def get_signature_xml(subject, reference_uri): ...@@ -53,10 +42,9 @@ def get_signature_xml(subject, reference_uri):
Returns XML Signature for subject. Returns XML Signature for subject.
""" """
logger.debug('get_signature_xml - Begin.') logger.debug('get_signature_xml - Begin.')
config = current_app.config['SAML2IDP_CONFIG'] #config = current_app.saml_config
private_key = current_app.saml_private_key
private_key = load_private_key(config) certificate = current_app.saml_certificate
certificate = load_certificate(config)
logger.debug('Subject: ' + subject) logger.debug('Subject: ' + subject)
......
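Review bot: The commented-out `#config = current_app.saml_config` in get_signature_xml is dead code and should be deleted rather than kept; it also refers to an app attribute that init_app does not set, whereas the two lines below it use `current_app.saml_private_key` and `current_app.saml_certificate`, which init_app does set. In the same file, load_certificate and load_private_key have changed contract from a config dict to a filename without any docstring saying so; a one-line docstring on each, e.g. `"""Load the signing certificate from *filename*; returns the PEM body with the BEGIN/END lines stripped."""` and `"""Load the RSA signing key from *filename* as an M2Crypto EVP key."""`, would make the new interface explicit for callers. get_signature_xml's body continues outside the hunk.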