0001-saml-use-RSA-SHA256-signature-method-32011.patch

Benjamin Dauvergne, 04 avril 2019 19:02

Voir les différences: en ligne côte à côte

Subject: [PATCH] saml: use RSA-SHA256 signature method (#32011)

 src/authentic2/idp/saml/app_settings.py | 1 +
 src/authentic2/saml/common.py           | 7 +++++++
 tests/test_idp_saml2.py                 | 9 +++++++--
 3 files changed, 15 insertions(+), 2 deletions(-)

src/authentic2/idp/saml/app_settings.py
51	51	TKX6tp6oI+7MIJE6ySZ0cBqOiydAkBePZhu57j6ToBkTa0dbHjn1WA==
52	52	-----END RSA PRIVATE KEY-----''',
53	53	ADD_CERTIFICATE_TO_KEY_INFO=True,
	54	SIGNATURE_METHOD='RSA-SHA256',
54	55	)
55	56
56	57	def __init__(self, prefix):

             get_saml2_metadata(request, metadata, idp_map=idp_map, sp_map=sp_map,
                                options=options),
             options.get('private_key'), certificate_content=certificate_content)
         if app_settings.SIGNATURE_METHOD:
                 signature_method = app_settings.SIGNATURE_METHOD
                 symbol_name = 'SIGNATURE_METHOD_' + signature_method.replace('-', '_').upper()
                 if hasattr(lasso, symbol_name):
                     server.signatureMethod = getattr(lasso, symbol_name)
                 else:
                     logger.warning('idp_saml: unable to set signature method %s', signature_method)
         if not server:
             raise Exception('Cannot create LassoServer object')
         return server

             sp_meta = self.get_sp_metadata(base_url=base_url)
             idp_meta = self.get_idp_metadata()
             server = lasso.Server.newFromBuffers(sp_meta)
             server.signatureMethod = lasso.SIGNATURE_METHOD_RSA_SHA256
             server.addProviderFromBuffer(lasso.PROVIDER_ROLE_IDP, idp_meta)
             return server
-...
             url_parsed = urlparse.urlparse(login.msgUrl)
             self.assertEqual(url_parsed.path, reverse('a2-idp-saml-sso'),
                              'msgUrl should target the sso endpoint')
             if sign:
                 assert 'rsa-sha256' in login.msgUrl
             return login.msgUrl, login.msgBody, request.id
         def parse_authn_response(self, saml_response):
-...
                 self.assertIn('SAMLResponse', doc.forms[0].fields)
                 saml_response = doc.forms[0].fields['SAMLResponse']
                 try:
                     base64.b64decode(saml_response)
                     decoded_saml_response = base64.b64decode(saml_response)
                 except TypeError:
                     self.fail('SAMLResponse is not base64 encoded: %s'
                               % saml_response)
                 assert b'rsa-sha256' in decoded_saml_response
                 with self.assertRaises(lasso.ProfileRequestDeniedError):
                     assertion = self.parse_authn_response(saml_response)
             elif not authorized_service:
-...
                 self.assertIn('SAMLResponse', doc.forms[0].fields)
                 saml_response = doc.forms[0].fields['SAMLResponse']
                 try:
                     base64.b64decode(saml_response)
                     decoded_saml_response = base64.b64decode(saml_response)
                 except TypeError:
                     self.fail('SAMLResponse is not base64 encoded: %s' % saml_response)
                 assert b'rsa-sha256' in decoded_saml_response
                 login = self.parse_authn_response(saml_response)
                 assertion = login.assertion
                 session_not_on_or_after = login.assertion.authnStatement[0].sessionNotOnOrAfter
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-saml-use-RSA-SHA256-signature-method-32011.patch