Commit 4ae23e57 authored by ale's avatar ale

add signing RSA key to config

parent de37aca9
......@@ -19,8 +19,18 @@ sso_cookie_name = 'SSO_SAML'
def init_app(app):
app.register_blueprint(saml_app, url_prefix='/saml/')
# Stick a 'saml_config' object in the main app, so that
# xml_signing can find it via current_app.
app.saml_certificate = xml_signing.load_certificate(saml_config['CERTIFICATE_FILE'])
app.saml_private_key = xml_signing.load_private_key(saml_config['PRIVATE_KEY_FILE'])
saml_config = app.config['SAML']
saml_app.config = saml_config
saml_app.login_server = app.config['SSO_LOGIN_SERVER']
saml_app.sso_service = saml_app.login_server + 'saml/'
url_base = 'https://' + saml_app.sso_service
saml_app.sso_url = url_base + 'login'
saml_app.slo_url = url_base + 'logout'
with open(app.config['SSO_PUBLIC_KEY']) as fd:
public_key = fd.read()
saml_app.sso_verifier = sso.Verifier(
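Review bot: The two added lines that load the certificate and private key read `saml_config` before it is bound — `saml_config = app.config['SAML']` only comes two lines later, and because that assignment lives in the same function Python treats the name as local, so `init_app` will raise UnboundLocalError on its first call rather than fall back to any module-level value. Move the assignment above the two loads: `saml_config = app.config['SAML']` / `app.saml_certificate = xml_signing.load_certificate(saml_config['CERTIFICATE_FILE'])` / `app.saml_private_key = xml_signing.load_private_key(saml_config['PRIVATE_KEY_FILE'])`. The new comment also still talks about a 'saml_config' object while the code attaches `saml_certificate` and `saml_private_key`; something like `# Keep the signing certificate and private key on the app object so xml_signing can reach them via current_app.` matches what is stored. Loading the signing key once at startup is the right call — it means a missing or unreadable key file fails the process at boot instead of at the first signed response. The body of `init_app` continues past the end of this hunk.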
......@@ -108,9 +118,9 @@ def descriptor():
idp_config = current_app.config['SAML2IDP_CONFIG']
tv = {
'entity_id': idp_config['issuer'],
'slo_url': current_app.config['SAML_SLO_URL'],
'sso_url': current_app.config['SAML_LOGIN_URL'],
'pubkey': xml_signing.load_certificate(idp_config),
'slo_url': saml_app.slo_url,
'sso_url': saml_app.sso_url,
'pubkey': current_app.saml_certificate,
}
resp = make_response(render_template('saml/idpssodescriptor.xml', tv))
resp.headers['Content-Type'] = 'application/xml'
......@@ -16,30 +16,19 @@ from .logging import get_saml_logger
logger = get_saml_logger()
def load_certificate(config):
if 'certificate_data' in config:
return config.get('certificate_data', '')
certificate_filename = config.get('certificate_file')
logger.info('Using certificate file: ' + certificate_filename)
certificate = M2Crypto.X509.load_cert(certificate_filename)
def load_certificate(filename):
logger.info('Using certificate file: {}'.format(filename))
certificate = M2Crypto.X509.load_cert(filename)
return ''.join(certificate.as_pem().split('\n')[1:-2])
def load_private_key(config):
private_key_data = config.get('private_key_data')
if private_key_data:
return M2Crypto.EVP.load_key_string(private_key_data)
private_key_file = config.get('private_key_file')
logger.info('Using private key file: {}'.format(private_key_file))
def load_private_key(filename):
logger.info('Using private key file: {}'.format(filename))
# The filename need to be encoded because it is using a C extension under
# the hood which means it expects a 'const char*' type and will fail with
# unencoded unicode string.
return M2Crypto.EVP.load_key(private_key_file.encode('utf-8'))
return M2Crypto.EVP.load_key(filename.encode('utf-8'))
def sign_with_rsa(private_key, data):
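Review bot: Both rewritten loaders now take a bare filename but carry no docstring, and `load_certificate` has a non-obvious return value: `''.join(certificate.as_pem().split('\n')[1:-2])` returns the base64 body with the BEGIN line and the END line (plus the empty string after the trailing newline) stripped, which presumably is what the metadata and signature templates embed — worth stating as `"""Load a PEM X.509 certificate and return its base64 body without the BEGIN/END armor."""`, with a one-line comment on the slice noting it relies on `as_pem()` ending in a newline. For `load_private_key`, `M2Crypto.EVP.load_key` is called with its default passphrase callback, which as far as I recall prompts on the terminal, so now that the `private_key_data` path is gone an encrypted key file would block the server at startup rather than fail cleanly; a docstring such as `"""Load an RSA private key from a PEM file; the file must be unencrypted (no passphrase callback is supplied)."""` makes that constraint explicit, or pass an explicit `callback=` if encrypted keys are expected. The `encode('utf-8')` comment is good — keep it.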
......@@ -53,10 +42,9 @@ def get_signature_xml(subject, reference_uri):
Returns XML Signature for subject.
"""
logger.debug('get_signature_xml - Begin.')
config = current_app.config['SAML2IDP_CONFIG']
private_key = load_private_key(config)
certificate = load_certificate(config)
#config = current_app.saml_config
private_key = current_app.saml_private_key
certificate = current_app.saml_certificate
logger.debug('Subject: ' + subject)
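Review bot: The added `#config = current_app.saml_config` is commented-out code that refers to an attribute `init_app` never sets (it stores `saml_certificate` and `saml_private_key`, not `saml_config`), so it can only mislead the next reader; delete the line. With the key and certificate now read off `current_app` instead of being re-parsed on every signature, a short comment on those two lines would help, e.g. `# Signing material is loaded once in init_app and cached on the app object.` The rest of `get_signature_xml` lies outside this hunk.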