author | Roland Hedberg <roland.hedberg@adm.umu.se> | 2014-06-18 13:21:43 +0200 |
---|---|---|
committer | Roland Hedberg <roland.hedberg@adm.umu.se> | 2014-06-18 13:21:43 +0200 |
commit | 041aa27dcdb74ed8d6a7febdbe9995181dd1c79d (patch) | |
tree | 59e378d81ed0ef3dbe1e1b34e9264deb2debec61 | |
parent | 2ee73258f923c55783a4b8650ad7fb3394bf83c1 (diff) | |
download | pysaml2-041aa27dcdb74ed8d6a7febdbe9995181dd1c79d.tar.gz |
Allow signature verification even on local files.
-rw-r--r-- | src/saml2/mdstore.py | 8 | ||||
-rw-r--r-- | src/saml2/sigver.py | 4 | ||||
-rwxr-xr-x | tools/verify_metadata.py | 8 |
3 files changed, 14 insertions, 6 deletions
diff --git a/src/saml2/mdstore.py b/src/saml2/mdstore.py
index 4d82e810..4927925e 100644
--- a/src/saml2/mdstore.py
+++ b/src/saml2/mdstore.py
@@ -107,12 +107,12 @@ def repack_cert(cert):
 class MetaData(object):
 def __init__(self, onts, attrc, metadata="", node_name=None,
- check_validity=True, **kwargs):
+ check_validity=True, security=None, **kwargs):
 self.onts = onts
 self.attrc = attrc
 self.entity = {}
 self.metadata = metadata
- self.security = None
+ self.security = security
 self.node_name = node_name
 self.entities_descr = None
 self.entity_descr = None
@@ -412,11 +412,13 @@ class MetaDataLoader(MetaDataFile):
 Handles Metadata file loaded by a passed in function.
 The format of the file is the SAML Metadata format.
 """
- def __init__(self, onts, attrc, loader_callable, cert=None, **kwargs):
+ def __init__(self, onts, attrc, loader_callable, cert=None,
+ security=None, **kwargs):
 MetaData.__init__(self, onts, attrc, **kwargs)
 self.metadata_provider_callable = self.get_metadata_loader(
 loader_callable)
 self.cert = cert
+ self.security = security
 @staticmethod
 def get_metadata_loader(func):
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
index 972c7489..e0680359 100644
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -1119,11 +1119,11 @@ class CertHandler(object):
 self._verify_cert = verify_cert is True
 self._security_context = security_context
 self._osw = OpenSSLWrapper()
- if key_file is not None and os.path.isfile(key_file):
+ if key_file and os.path.isfile(key_file):
 self._key_str = self._osw.read_str_from_file(key_file, key_type)
 else:
 self._key_str = ""
- if cert_file is not None:
+ if cert_file and os.path.isfile(key_file):
 self._cert_str = self._osw.read_str_from_file(cert_file,
 cert_type)
 else:
diff --git a/tools/verify_metadata.py b/tools/verify_metadata.py
index 103518c7..0b6f4d07 100755
--- a/tools/verify_metadata.py
+++ b/tools/verify_metadata.py
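Review bot: The new `security` keyword of MetaData.__init__ in src/saml2/mdstore.py (first hunk) is added without any description, and the same holds for the parameter added to MetaDataLoader.__init__ in the second hunk. A short docstring entry would help, along the lines of `security: context object used to verify signatures on the loaded metadata; defaults to None`. The tools/verify_metadata.py change passes a SecurityContext here, so that appears to be the expected type. What the class does when the value is None is not visible in this hunk and should be stated in the docstring once confirmed, since a reader will want to know whether None means "load without verifying". The constructor body continues past the hunk.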
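Review bot: In the second hunk of src/saml2/mdstore.py, MetaDataLoader.__init__ takes the new `security` argument but still calls `MetaData.__init__(self, onts, attrc, **kwargs)` without it and assigns `self.security = security` only afterwards, although the first hunk gives MetaData.__init__ the same parameter. Passing it through, `MetaData.__init__(self, onts, attrc, security=security, **kwargs)`, sets the attribute in one place and removes the interval in which the base initialiser runs with `self.security` still None. Whether the base initialiser reads the attribute is not visible here, because its body continues outside the hunk.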
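Review bot: In src/saml2/sigver.py the rewritten certificate guard tests the wrong path: `if cert_file and os.path.isfile(key_file):` checks `key_file`, while the branch it protects reads `cert_file`. As written, the certificate is skipped whenever the key file is absent, so `_cert_str` takes whatever the else arm assigns (not visible in this hunk), and a non-existent `cert_file` still reaches `read_str_from_file` when the key file exists. With `key_file` set to None, the `os.path.isfile` call may also raise instead of returning False. The line should read `if cert_file and os.path.isfile(cert_file):`. The enclosing initialiser starts and ends outside the hunk.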
@@ -61,7 +61,13 @@ else:
 kwargs = {}
 if args.type == "local":
- metad = MetaDataFile(ONTS.values(), args.item, args.item, **kwargs)
+ if args.cert and args.xmlsec:
+ crypto = _get_xmlsec_cryptobackend(args.xmlsec)
+ sc = SecurityContext(crypto)
+ metad = MetaDataFile(ONTS.values(), args.item, args.item,
+ cert=args.cert, security=sc, **kwargs)
+ else:
+ metad = MetaDataFile(ONTS.values(), args.item, args.item, **kwargs)
 elif args.type == "external":
 ATTRCONV = ac_factory(args.attrsmap)
 httpc = HTTPBase() |
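Review bot: The new `local` branch in tools/verify_metadata.py fails open when only one of `args.cert` and `args.xmlsec` is set. In that case the `else` arm builds `MetaDataFile` without `cert` or `security`, so a run that supplied a certificate but no xmlsec path appears to load the file with no signature check and no message. For a verification tool the partial case should stop instead, for example with an arm `elif args.cert or args.xmlsec:` that does `raise SystemExit("cert and xmlsec must be given together to verify a local file")`, leaving the plain `else` for the case where neither was given. Whether `args.xmlsec` carries a default value is not visible in this hunk, and the surrounding if/elif chain continues outside it.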