authorpeppelinux <giuseppe.demarco@unical.it>2020-12-13 18:50:45 +0100
committerpeppelinux <giuseppe.demarco@unical.it>2020-12-13 18:50:51 +0100
commit0a1413490998ffe8f9e119fda582013d819ad531 (patch)
tree3389e730ca3b38839a1eac6ad1f3ddeae63658b6
parenta23ed34e395b5f7f71e8226c7ad2075736a892c4 (diff)
downloadpysaml2-0a1413490998ffe8f9e119fda582013d819ad531.tar.gz
Fixed: "WARN XMLTooling.Decrypter [7] [default]: XMLSecurity exception while decrypting key: XSECAlgorithmMapper::mapURIToHandler - URI http://www.w3.org/2001/04/xmlenc#rsa-1_5 disallowed by whitelist/blacklist policy"
-rw-r--r--src/saml2/sigver.py7
-rw-r--r--src/saml2/xml_template/template.xml6
2 files changed, 7 insertions, 6 deletions
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
index 0ea7b66d..e65cb2c8 100644
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -61,9 +61,11 @@ logger = logging.getLogger(__name__)
SIG = '{{{ns}#}}{attribute}'.format(ns=ds.NAMESPACE, attribute='Signature')
+# deprecated
RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'
-TRIPLE_DES_CBC = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'
+TRIPLE_DES_CBC = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'
+RSA_OAEP = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
class SigverError(SAMLError):
pass
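Review bot: The `# deprecated` comment added above `RSA_1_5` does not say which constant it covers or why, so a later reader cannot tell whether `TRIPLE_DES_CBC` is included or what to use instead. I would spell it out, for example `# RSA PKCS#1 v1.5 key transport: deprecated (padding-oracle weaknesses, rejected by some peers); kept for interoperability, prefer RSA_OAEP`, and put `RSA_OAEP` directly under `RSA_1_5` so the pair reads together. As a style point, `RSA_OAEP` is the only constant in this group written with double quotes; single quotes would match its neighbours.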
@@ -1849,7 +1851,8 @@ def pre_signature_part(
# </EncryptedData>
-def pre_encryption_part(msg_enc=TRIPLE_DES_CBC, key_enc=RSA_1_5, key_name='my-rsa-key',
+def pre_encryption_part(msg_enc=TRIPLE_DES_CBC, key_enc=RSA_OAEP,
+ key_name='my-rsa-key',
encrypted_key_id=None, encrypted_data_id=None,
encrypt_cert=None):
"""
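Review bot: The `msg_enc` default in the `pre_encryption_part` signature is still `TRIPLE_DES_CBC`, so only the key transport moves off a deprecated algorithm. The payload stays on 3DES in CBC mode, a 64-bit block cipher that provides no integrity protection of its own. If the xmlsec backend in use supports an AES-based data encryption URI, making that the default would be the consistent follow-up, together with the same URI hard-coded in `template.xml`. This commit only changes what is emitted; whether an incoming `EncryptedKey` using `rsa-1_5` is still accepted on decryption is not visible here and is worth checking separately. The new `key_enc` default also changes the output for every caller that relies on defaults, so the docstring should record it, e.g. `key_enc: key transport algorithm URI, defaults to RSA_OAEP (RSA_1_5 is deprecated)`. The function body continues outside the hunk.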
diff --git a/src/saml2/xml_template/template.xml b/src/saml2/xml_template/template.xml
index 0b962e55..d581485e 100644
--- a/src/saml2/xml_template/template.xml
+++ b/src/saml2/xml_template/template.xml
@@ -2,12 +2,10 @@
<EncryptedData
xmlns="http://www.w3.org/2001/04/xmlenc#"
Type="http://www.w3.org/2001/04/xmlenc#Element">
- <EncryptionMethod Algorithm=
- "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
- <EncryptionMethod Algorithm=
- "http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName/>
</KeyInfo>
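Review bot: The new `rsa-oaep-mgf1p` `<EncryptionMethod>` inside `<EncryptedKey>` is an empty element with no `DigestMethod` child, so the OAEP digest is left to each receiver's default. That default is SHA-1 under XML Encryption 1.1 as far as I recall, which is worth confirming against the peers that triggered this fix. Making it explicit removes the ambiguity: open the element and add `<DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>` inside it. The data `<EncryptionMethod>` above it still names `tripledes-cbc`; see the note on `pre_encryption_part`. The template continues beyond this hunk.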