author | peppelinux <giuseppe.demarco@unical.it> | 2020-12-13 18:42:15 +0100 |
---|---|---|
committer | peppelinux <giuseppe.demarco@unical.it> | 2020-12-13 18:42:15 +0100 |
commit | a23ed34e395b5f7f71e8226c7ad2075736a892c4 (patch) | |
tree | 04fa6d632cb5cc62fd3a9c087ba856adbe904bd1 | |
parent | 3513e46c7f78ad712dd83af52d5a28b55b652668 (diff) | |
Fixed: "ERROR Shibboleth.SSO.SAML2 [6] [default]: failed to decrypt assertion: Unable to resolve any key decryption keys."
-rw-r--r-- | src/saml2/entity.py | 6 | ||||
-rw-r--r-- | src/saml2/sigver.py | 8 |
2 files changed, 11 insertions, 3 deletions
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index 71e9ecfb..3311e6a2 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -660,8 +660,12 @@ class Entity(HTTPBase):
 tmp = make_temp(_cert.encode('ascii'),
 decode=False,
 delete_tmpfiles=self.config.delete_tmpfiles)
+
+ # it would be possibile to handle many other args here ...
+ pre_enc_part = pre_encryption_part(encrypt_cert=encrypt_cert)
+
 response = self.sec.encrypt_assertion(response, tmp.name,
- pre_encryption_part(),
+ pre_enc_part,
 node_xpath=node_xpath)
 return response
 except Exception as ex:
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
index 52324eb4..0ea7b66d 100644
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -1850,7 +1850,8 @@ def pre_signature_part(
 def pre_encryption_part(msg_enc=TRIPLE_DES_CBC, key_enc=RSA_1_5, key_name='my-rsa-key',
- encrypted_key_id=None, encrypted_data_id=None):
+ encrypted_key_id=None, encrypted_data_id=None,
+ encrypt_cert=None):
 """
 :param msg_enc:
@@ -1865,7 +1866,10 @@ def pre_encryption_part(msg_enc=TRIPLE_DES_CBC, key_enc=RSA_1_5, key_name='my-rs
 encrypted_key = EncryptedKey(
 id=ek_id,
 encryption_method=key_encryption_method,
- key_info=ds.KeyInfo(key_name=ds.KeyName(text=key_name)),
+ key_info=ds.KeyInfo(key_name=ds.KeyName(text=key_name),
+ x509_data=ds.X509Data(
+ x509_certificate=ds.X509Certificate(text=encrypt_cert)
+ )),
 cipher_data=CipherData(cipher_value=CipherValue(text='')),
 )
 key_info = ds.KeyInfo(encrypted_key=encrypted_key) |
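Review bot: In the src/saml2/entity.py hunk, `pre_encryption_part(encrypt_cert=encrypt_cert)` fills the KeyInfo certificate from `encrypt_cert`, while the key material handed to `encrypt_assertion` is written from `_cert` by `make_temp(_cert.encode('ascii'), ...)`. If the two can differ, or `encrypt_cert` is unset while `_cert` comes from another source, the recipient is pointed at a certificate that did not wrap the key, or at none at all, and decryption fails in the way the commit title describes. The enclosing method starts outside the hunk, so this is inferred from the two names only; if it holds, derive the value from `_cert`, e.g. `pre_enc_part = pre_encryption_part(encrypt_cert=_cert)`, with any PEM BEGIN/END armor removed, since `ds:X509Certificate` carries bare base64. The added comment also has a typo: `possibile` should be `possible`.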
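Review bot: The new `encrypt_cert` parameter of `pre_encryption_part` in src/saml2/sigver.py (first hunk) is not described in the docstring, whose `:param msg_enc:` entry is visible just below the signature. Add an entry such as `:param encrypt_cert: base64 certificate of the recipient (no PEM armor), published in the EncryptedKey's KeyInfo/X509Data`. Since the signature is being extended anyway, it is also worth documenting that the defaults visible here, `TRIPLE_DES_CBC` and `RSA_1_5`, are legacy algorithms and that callers should pass stronger ones where the peer supports them. The docstring continues outside the hunk.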
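Review bot: In the second src/saml2/sigver.py hunk the `ds.X509Data(...)` element is built unconditionally, so every caller that leaves `encrypt_cert` at its default of `None` now gets a KeyInfo carrying an X509Certificate with no content. How the serializer renders `text=None` is not visible here, but an empty certificate element is at best noise and at worst something a strict peer rejects. Build the X509Data only when a certificate was supplied and keep the previous KeyName-only KeyInfo otherwise; this assumes `ds.KeyInfo` treats `x509_data=None` like an omitted argument, which should be confirmed. The function body starts and ends outside the hunk.

```python
    # Advertise a certificate only when the caller supplied one.
    x509_data = None
    if encrypt_cert:
        x509_data = ds.X509Data(
            x509_certificate=ds.X509Certificate(text=encrypt_cert)
        )

    encrypted_key = EncryptedKey(
        # … unchanged: id, encryption_method …
        key_info=ds.KeyInfo(key_name=ds.KeyName(text=key_name),
                            x509_data=x509_data),
        # … unchanged: cipher_data …
    )
```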