author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2021-04-20 15:51:53 +0300 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2021-05-18 15:20:29 +0300 |
commit | 82b921ba677f5619491be53ac45927dde88d880e (patch) | |
tree | 5f764480193de7563006365ac1e2932ddbfa5476 /src | |
parent | 9a78ba37e0bdfea52b01c2cea1b389c9b7215354 (diff) | |
download | pysaml2-82b921ba677f5619491be53ac45927dde88d880e.tar.gz |
Embed the cert in the EncryptedData element
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/saml2/entity.py | 5 | ||||
-rw-r--r-- | src/saml2/sigver.py | 20 |
2 files changed, 16 insertions, 9 deletions
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index 779715a0..779310b3 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -663,7 +663,10 @@ class Entity(HTTPBase):
                 delete_tmpfiles=self.config.delete_tmpfiles,
             )
             response = self.sec.encrypt_assertion(
-                response, tmp.name, pre_encryption_part(), node_xpath=node_xpath
+                response,
+                tmp.name,
+                pre_encryption_part(encrypt_cert=unwrapped_cert),
+                node_xpath=node_xpath,
             )
             return response
         except Exception as ex:
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
index 007e7b40..b18d2cce 100644
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -1882,24 +1882,28 @@ def pre_signature_part(
 def pre_encryption_part(
+    *,
     msg_enc=TRIPLE_DES_CBC,
     key_enc=RSA_OAEP_MGF1P,
     key_name='my-rsa-key',
     encrypted_key_id=None,
     encrypted_data_id=None,
+    encrypt_cert=None,
 ):
-    """
-
-    :param msg_enc:
-    :param key_enc:
-    :param key_name:
-    :return:
-    """
     ek_id = encrypted_key_id or "EK_{id}".format(id=gen_random_key())
     ed_id = encrypted_data_id or "ED_{id}".format(id=gen_random_key())
     msg_encryption_method = EncryptionMethod(algorithm=msg_enc)
     key_encryption_method = EncryptionMethod(algorithm=key_enc)
-    key_info = ds.KeyInfo(key_name=ds.KeyName(text=key_name))
+
+    x509_data = (
+        ds.X509Data(x509_certificate=ds.X509Certificate(text=encrypt_cert))
+        if encrypt_cert
+        else None
+    )
+    key_info = ds.KeyInfo(
+        key_name=ds.KeyName(text=key_name),
+        x509_data=x509_data,
+    )
     encrypted_key = EncryptedKey(
         id=ek_id, |
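Review bot: `unwrapped_cert` is handed to `pre_encryption_part(encrypt_cert=unwrapped_cert)` but is derived outside this hunk, so the reader cannot tell whether it is the same certificate that was written to `tmp.name` or what form it is in. The value lands in a `ds:X509Certificate` element, which by the XML-DSig schema carries base64 DER with no PEM header/footer; a value that still has PEM armor or is otherwise malformed would yield an unparseable KeyInfo, and the `except Exception as ex:` below would obscure the cause. A comment on the call would make the contract explicit, e.g. `# Embed the recipient cert (base64 DER, PEM armor stripped) in KeyInfo so the decrypting party can identify the key; it is informational, not a trust anchor.` Since `pre_encryption_part` only adds `X509Data` when `encrypt_cert` is truthy, an empty `unwrapped_cert` silently falls back to a KeyName-only KeyInfo while the tmp cert file is still written, which is worth checking where the value is derived. The enclosing method starts and ends outside this hunk.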