author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2021-03-09 15:24:30 +0200 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2021-05-18 15:20:29 +0300 |
commit | d038e06e132659a6a0b2813cf29f3a05cf6196b7 (patch) | |
tree | 69bcedc1ae1642dbea6312bb09ea62dc7e5e073a /src/saml2/sigver.py | |
parent | fc6e532264b78020c1321610242beee6a5b89ca4 (diff) | |
download | pysaml2-d038e06e132659a6a0b2813cf29f3a05cf6196b7.tar.gz |
Do not embed the cert in the EncryptedData element
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Diffstat (limited to 'src/saml2/sigver.py')
-rw-r--r-- | src/saml2/sigver.py | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
index fff03897..a628dd44 100644
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -1844,6 +1844,7 @@ def pre_signature_part(
 if identifier:
 signature.id = 'Signature{n}'.format(n=identifier)
+ # XXX remove - do not embed the cert
 if public_key:
 x509_data = ds.X509Data(
 x509_certificate=[ds.X509Certificate(text=public_key)])
@@ -1881,10 +1882,13 @@ def pre_signature_part(
 # </EncryptedData>
-def pre_encryption_part(msg_enc=TRIPLE_DES_CBC, key_enc=RSA_OAEP_MGF1P,
- key_name='my-rsa-key',
- encrypted_key_id=None, encrypted_data_id=None,
- encrypt_cert=None):
+def pre_encryption_part(
+ msg_enc=TRIPLE_DES_CBC,
+ key_enc=RSA_OAEP_MGF1P,
+ key_name='my-rsa-key',
+ encrypted_key_id=None,
+ encrypted_data_id=None,
+):
 """
 :param msg_enc:
@@ -1896,12 +1900,8 @@ def pre_encryption_part(msg_enc=TRIPLE_DES_CBC, key_enc=RSA_OAEP_MGF1P,
 ed_id = encrypted_data_id or "ED_{id}".format(id=gen_random_key())
 msg_encryption_method = EncryptionMethod(algorithm=msg_enc)
 key_encryption_method = EncryptionMethod(algorithm=key_enc)
-
- enc_key_dict= dict(key_name=ds.KeyName(text=key_name))
- enc_key_dict['x509_data'] = ds.X509Data(
- x509_certificate=ds.X509Certificate(text=encrypt_cert))
- key_info = ds.KeyInfo(**enc_key_dict)
-
+ key_info = ds.KeyInfo(key_name=ds.KeyName(text=key_name))
+
 encrypted_key = EncryptedKey(
 id=ek_id,
 encryption_method=key_encryption_method,
@@ -1914,7 +1914,8 @@ def pre_encryption_part(msg_enc=TRIPLE_DES_CBC, key_enc=RSA_OAEP_MGF1P,
 type='http://www.w3.org/2001/04/xmlenc#Element',
 encryption_method=msg_encryption_method,
 key_info=key_info,
- cipher_data=CipherData(cipher_value=CipherValue(text='')))
+ cipher_data=CipherData(cipher_value=CipherValue(text='')),
+ )
 return encrypted_data |
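Review bot: The added `# XXX remove - do not embed the cert` marker in the first hunk does not say which consumers rely on the embedded certificate or what should replace it, and the `if public_key:` block right below it still builds `ds.X509Data`, so signatures keep carrying the cert. I would spell the intent out, for example `# TODO: stop embedding the signing cert in ds:KeyInfo; verifiers should resolve the key from trusted metadata, not from the message`. The enclosing `pre_signature_part` starts and ends outside this hunk, so whether callers still pass `public_key` cannot be checked here.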
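Review bot: Removing the `encrypt_cert` keyword from `pre_encryption_part` (second hunk) makes any caller that still passes `encrypt_cert=...` fail with a `TypeError`; the diffstat is limited to `src/saml2/sigver.py`, so the call sites are not visible here. If the helper is reachable from outside the package, keeping `encrypt_cert=None,` as a trailing, ignored parameter with the comment `# deprecated and ignored: the certificate is no longer embedded` would keep old callers working for a release. The reformatted signature also keeps `msg_enc=TRIPLE_DES_CBC` as the default, a 64-bit-block cipher in an unauthenticated mode; a stronger default is worth a follow-up, provided the crypto backend in use supports it. The docstring continues past the end of the hunk, so its `:param` list should be checked for a leftover `encrypt_cert` entry.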
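Review bot: With the `X509Data` child gone (third hunk), the `ds.KeyInfo` built here carries only `ds.KeyName`, and its default text is the placeholder `'my-rsa-key'`, so a recipient holding more than one decryption key, for instance during key rollover, gets no usable hint about which one wraps the session key. That is sound from a trust point of view, since a recipient should pick its private key from its own configuration rather than from the message, but it deserves a comment such as `# KeyName is only a hint; the recipient selects the decryption key from its own configuration`. The lone `+` line after the new `key_info` assignment appears to add a whitespace-only line and could be a truly empty one. The `EncryptedKey(...)` call continues outside the hunk.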