From 80f94a997ca7e9f708cd8536460d7549d386f912 Mon Sep 17 00:00:00 2001
From: peppelinux
Date: Sat, 7 Nov 2020 14:43:29 +0100
Subject: Configurable signing and digest alg

---
 docs/howto/config.rst | 19 +++++++++++++++++++
 src/saml2/client_base.py | 8 +++++++-
 src/saml2/config.py | 4 ++++
 src/saml2/entity.py | 4 ++++
 src/saml2/server.py | 9 +++++++--
 5 files changed, 41 insertions(+), 3 deletions(-)

diff --git a/docs/howto/config.rst b/docs/howto/config.rst
index 88b0f6fa..3e0ec06d 100644
--- a/docs/howto/config.rst
+++ b/docs/howto/config.rst
@@ -247,6 +247,7 @@ The globally unique identifier of the entity.
 .. note:: It is recommended that the entityid should point to a real webpage where the metadata for the entity can be found.
+
 key_file
 ^^^^^^^^
@@ -1013,6 +1014,23 @@ Example::
 }
 }
+
+signing_algorithm
+"""""""""""""""""
+
+Default algorithm to be used. Example::
+
+ 'signing_algorithm': saml2.xmldsig.SIG_RSA_SHA256,
+
+
+digest_algorithm
+"""""""""""""""""
+
+Default algorithm to be used. Example::
+
+ 'digest_algorithm': saml2.xmldsig.DIGEST_SHA256,
+
+
 logout_responses_signed
 """""""""""""""""""""""
@@ -1031,6 +1049,7 @@ Example::
 }
 }
+
 subject_data
 """"""""""""
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
index 889c4359..03ea7bca 100644
--- a/src/saml2/client_base.py
+++ b/src/saml2/client_base.py
@@ -186,6 +186,10 @@ class Base(Entity):
 setattr(self, attr, val)
+ # signing and digest algs
+ self.signing_algorithm = self.config.getattr('signing_algorithm', "sp")
+ self.digest_algorithm = self.config.getattr('digest_algorithm', "sp")
+
 if self.entity_type == "sp" and not any(
 [
 self.want_assertions_signed,
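Review bot: The two `self.config.getattr(..., "sp")` lookups added in this hunk are repeated verbatim in the last server.py hunk with context "idp", and both feed the same `self.signing_algorithm`/`self.digest_algorithm` that the entity.py signing path now reads for every entity type. Since this hunk's own context line shows the instance already knows `self.entity_type`, a single lookup in the shared Entity constructor, `self.signing_algorithm = self.config.getattr('signing_algorithm', self.entity_type)` (and the same for `digest_algorithm`), would cover SP and IdP without duplication — assuming `self.config` and `self.entity_type` are available at that point, which is not visible here. The method enclosing this hunk starts outside it; the `setattr(self, attr, val)` context suggests it is the constructor's attribute-copy loop, but that is inferred.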
@@ -234,8 +238,10 @@ class Base(Entity):
 raise IdpUnspecified("Too many IdPs to choose from: %s" % eids)
 try:
- srvs = self.metadata.single_sign_on_service(list(eids.keys())[0], binding)
+ srvs = self.metadata.single_sign_on_service(list(eids.keys())[0],
+ binding)
 return next(locations(srvs), None)
+
 except IndexError:
 raise IdpUnspecified("No IdP to send to given the premises")
diff --git a/src/saml2/config.py b/src/saml2/config.py
index f28d7748..8b865dcb 100644
--- a/src/saml2/config.py
+++ b/src/saml2/config.py
@@ -76,6 +76,8 @@ COMMON_ARGS = [
 "metadata",
 "ui_info",
 "name_id_format",
+ "signing_algorithm",
+ "digest_algorithm",
 ]
 SP_ARGS = [
@@ -225,6 +227,8 @@ class Config(object):
 self.attribute_profile = []
 self.requested_attribute_name_format = NAME_FORMAT_URI
 self.delete_tmpfiles = True
+ self.signing_algorithm = None
+ self.digest_algorithm = None
 def setattr(self, context, attr, val):
 if context == "":
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index fdea5a74..8e6680b5 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -453,6 +453,10 @@ class Entity(HTTPBase):
 sign_alg=None,
 digest_alg=None,
 ):
+ # sign adn digest algs
+ sign_alg = sign_alg or self.signing_algorithm
+ digest_alg = digest_alg or self.digest_algorithm
+
 if msg.signature is None:
 msg.signature = pre_signature_part(
 msg.id, self.sec.my_cert, 1, sign_alg=sign_alg, digest_alg=digest_alg
diff --git a/src/saml2/server.py b/src/saml2/server.py
index bcdbd2bb..519f6db1 100644
--- a/src/saml2/server.py
+++ b/src/saml2/server.py
@@ -524,7 +524,8 @@ class Server(Entity):
 if not name_id and userid:
 try:
- name_id = self.ident.construct_nameid(userid, policy, sp_entity_id)
+ name_id = self.ident.construct_nameid(userid, policy,
+ sp_entity_id)
 logger.warning("Unspecified NameID format")
 except Exception:
 pass
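Review bot: In the entity.py hunk, `sign_alg = sign_alg or self.signing_algorithm` reads an instance attribute that this patch sets only in client_base.py's constructor and, for the IdP side, inside a request-handling method in server.py, so an Entity-derived instance that signs anything before that method has run would raise AttributeError instead of falling back as before (unless Entity's constructor initializes it somewhere outside this diff). A defensive read, `sign_alg = sign_alg or getattr(self, 'signing_algorithm', None)` and `digest_alg = digest_alg or getattr(self, 'digest_algorithm', None)`, preserves the old behaviour for such instances; initializing both attributes in Entity's constructor is the cleaner fix. When neither the argument nor the configuration supplies an algorithm, `None` is still passed to `pre_signature_part`, so whatever default that helper applies (not visible here) is selected silently — a short comment stating that `signing_algorithm`/`digest_algorithm` in the configuration are the way to select a stronger algorithm would help operators. The comment typo `# sign adn digest algs` should read `# sign and digest algs`. The signature of the method enclosing this hunk starts outside it.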
@@ -593,7 +594,11 @@ class Server(Entity):
 args['best_effort'] = kwargs["best_effort"]
 except KeyError:
 args['best_effort'] = False
-
+
+ # signing and digest algs
+ self.signing_algorithm = self.config.getattr('signing_algorithm', "idp")
+ self.digest_algorithm = self.config.getattr('digest_algorithm', "idp")
+
 for param in ['sign_assertion', 'sign_response', 'encrypt_assertion',
 'encrypt_assertion_self_contained', 'encrypted_advice_attributes',
 'encrypt_cert_advice',
-- 
cgit v1.2.1
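Review bot: Assigning `self.signing_algorithm` and `self.digest_algorithm` inside this method turns constructor-level configuration into per-call instance mutation: the two values depend only on `self.config`, not on the call's `kwargs`, yet they are re-read and rewritten on every invocation, and a Server on which this method has not yet run carries neither attribute even though the entity.py signing path now reads them. Moving the two `self.config.getattr(..., "idp")` lines into Server's `__init__` (or into the shared Entity constructor) removes both the ordering dependency and the redundant work. The method enclosing this hunk starts outside it, so that it is a per-response handler is inferred from the surrounding `args[...]`/`kwargs` handling.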