Diffstat (limited to 'src/saml2/entity.py')
-rw-r--r-- | src/saml2/entity.py | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index d2d6ec5c..21ce516a 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -65,6 +65,7 @@ from saml2.sigver import security_context
 from saml2.sigver import SigverError
 from saml2.sigver import SignatureError
 from saml2.sigver import make_temp
+from saml2.sigver import get_pem_wrapped_unwrapped
 from saml2.sigver import pre_encryption_part
 from saml2.sigver import pre_signature_part
 from saml2.sigver import pre_encrypt_assertion
@@ -654,18 +655,22 @@ class Entity(HTTPBase):
 _certs = self.metadata.certs(sp_entity_id, "any", "encryption")
 exception = None
 for _cert in _certs:
+ wrapped_cert, unwrapped_cert = get_pem_wrapped_unwrapped(_cert)
 try:
- begin_cert = "-----BEGIN CERTIFICATE-----\n"
- end_cert = "\n-----END CERTIFICATE-----\n"
- if begin_cert not in _cert:
- _cert = "%s%s" % (begin_cert, _cert)
- if end_cert not in _cert:
- _cert = "%s%s" % (_cert, end_cert)
- tmp = make_temp(_cert.encode('ascii'),
+ tmp = make_temp(wrapped_cert.encode('ascii'),
 decode=False, delete_tmpfiles=self.config.delete_tmpfiles)
+
+ # it would be possibile to handle many other args here ...
+ pre_enc_part_dict = dict()
+ if encrypt_cert:
+ pre_enc_part_dict['encrypt_cert'] = unwrapped_cert
+ pre_enc_part = pre_encryption_part(**pre_enc_part_dict)
+ # end pre_enc_part
+
+
 response = self.sec.encrypt_assertion(response, tmp.name,
- pre_encryption_part(),
+ pre_enc_part,
 node_xpath=node_xpath)
 return response
 except Exception as ex:
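Review bot: The new `wrapped_cert, unwrapped_cert = get_pem_wrapped_unwrapped(_cert)` line is placed before the `try:`, whereas the BEGIN/END wrapping it replaces ran inside it; a certificate from `self.metadata.certs(...)` that the helper rejects now propagates out of the `for _cert in _certs:` loop instead of being recorded by `except Exception as ex:` and letting the next candidate cert be tried, which is a change in fallback behaviour the commit does not mention. Moving the call to the first statement after `try:` keeps the per-certificate fallback as before. The `encrypt_cert` name the new code branches on is not defined in the hunk — presumably a parameter of the enclosing method, whose signature and tail lie outside the hunk — and the `pre_enc_part_dict` construction could be stated directly as `pre_enc_part = pre_encryption_part(encrypt_cert=unwrapped_cert) if encrypt_cert else pre_encryption_part()`, dropping the `# end pre_enc_part` marker and fixing the typo `possibile` in the comment above it.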