authorpeppelinux <giuseppe.demarco@unical.it>2020-12-13 18:42:15 +0100
committerpeppelinux <giuseppe.demarco@unical.it>2020-12-13 18:42:15 +0100
commita23ed34e395b5f7f71e8226c7ad2075736a892c4 (patch)
tree04fa6d632cb5cc62fd3a9c087ba856adbe904bd1
parent3513e46c7f78ad712dd83af52d5a28b55b652668 (diff)
downloadpysaml2-a23ed34e395b5f7f71e8226c7ad2075736a892c4.tar.gz
Fixed: "ERROR Shibboleth.SSO.SAML2 [6] [default]: failed to decrypt assertion: Unable to resolve any key decryption keys."
-rw-r--r--src/saml2/entity.py6
-rw-r--r--src/saml2/sigver.py8
2 files changed, 11 insertions, 3 deletions
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index 71e9ecfb..3311e6a2 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -660,8 +660,12 @@ class Entity(HTTPBase):
tmp = make_temp(_cert.encode('ascii'),
decode=False,
delete_tmpfiles=self.config.delete_tmpfiles)
+
+ # it would be possibile to handle many other args here ...
+ pre_enc_part = pre_encryption_part(encrypt_cert=encrypt_cert)
+
response = self.sec.encrypt_assertion(response, tmp.name,
- pre_encryption_part(),
+ pre_enc_part,
node_xpath=node_xpath)
return response
except Exception as ex:
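Review bot: The new `pre_encryption_part(encrypt_cert=encrypt_cert)` call advertises the caller's raw `encrypt_cert` in the key info, while the key actually used for encryption is the one written to the temp file from `_cert`; the hunk does not show how those two values relate. `ds:X509Certificate` is meant to carry only the base64 DER body, so if `encrypt_cert` can contain PEM `BEGIN/END CERTIFICATE` lines they should be stripped before this call. The value should also be derived from the same certificate that `tmp` holds, so the advertised key and the encrypting key cannot diverge. I would replace the placeholder comment with `# KeyInfo must advertise the same certificate written to tmp, as a base64 body without PEM armor`. The enclosing method starts and ends outside the hunk.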
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
index 52324eb4..0ea7b66d 100644
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -1850,7 +1850,8 @@ def pre_signature_part(
def pre_encryption_part(msg_enc=TRIPLE_DES_CBC, key_enc=RSA_1_5, key_name='my-rsa-key',
- encrypted_key_id=None, encrypted_data_id=None):
+ encrypted_key_id=None, encrypted_data_id=None,
+ encrypt_cert=None):
"""
:param msg_enc:
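Review bot: The docstring that begins at `:param msg_enc:` needs an entry for the new `encrypt_cert` keyword, because nothing in the signature says what form the value takes or what the `None` default means. Something like `:param encrypt_cert: recipient certificate as base64 text, emitted in ds:X509Data of the EncryptedKey` would cover it, with the behaviour for `None` stated once it is decided. Separately, the signature being extended still defaults to `RSA_1_5` key transport and `TRIPLE_DES_CBC`, both discouraged for new XML Encryption use; this commit does not touch them, but they deserve a follow-up. The docstring and function body continue outside the hunk.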
@@ -1865,7 +1866,10 @@ def pre_encryption_part(msg_enc=TRIPLE_DES_CBC, key_enc=RSA_1_5, key_name='my-rs
encrypted_key = EncryptedKey(
id=ek_id,
encryption_method=key_encryption_method,
- key_info=ds.KeyInfo(key_name=ds.KeyName(text=key_name)),
+ key_info=ds.KeyInfo(key_name=ds.KeyName(text=key_name),
+ x509_data=ds.X509Data(
+ x509_certificate=ds.X509Certificate(text=encrypt_cert)
+ )),
cipher_data=CipherData(cipher_value=CipherValue(text='')),
)
key_info = ds.KeyInfo(encrypted_key=encrypted_key)
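Review bot: The `ds.X509Data(...)` added to `EncryptedKey.key_info` is built unconditionally, so callers that leave `encrypt_cert` at its default of `None` get an `X509Data` wrapping an `X509Certificate` with no text. That presumably serialises as an empty certificate element, which a strict recipient may reject or fail to resolve a key from. Build it only when a certificate is supplied: `x509_data = ds.X509Data(x509_certificate=ds.X509Certificate(text=encrypt_cert)) if encrypt_cert else None`, then pass `x509_data=x509_data` to `ds.KeyInfo`. A short comment such as `# omit X509Data when no recipient certificate is given` would record the intent. The function body starts outside the hunk.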