@@ -501,6 +501,12 @@ def _add_info(self, msg, **kwargs):
501501 else :
502502 msg .extension_elements = extensions
503503
504+ def fix_cert_str (self , tmp_cert_str ):
505+ tmp_cert_str = "%s" % self .sec .my_cert
506+ tmp_cert_str = tmp_cert_str .replace ("-----BEGIN CERTIFICATE-----\n " , "" )
507+ tmp_cert_str = tmp_cert_str .replace ("\n -----END CERTIFICATE-----\n " , "" )
508+ return tmp_cert_str
509+
504510 def _response (self , in_response_to , consumer_url = None , status = None ,
505511 issuer = None , sign = False , to_sign = None ,
506512 encrypt_assertion = False , encrypt_assertion_self_contained = False , encrypted_advice_attributes = False ,
@@ -576,6 +582,7 @@ def _response(self, in_response_to, consumer_url=None, status=None,
576582
577583 if to_sign_advice :
578584 response = signed_instance_factory (response , self .sec , to_sign_advice )
585+ tmp_cert_str = self .fix_cert_str ("%s" % encrypt_cert )
579586 _ , cert_file = make_temp ("%s" % encrypt_cert , decode = False )
580587 response = cbxs .encrypt_assertion (response , cert_file ,
581588 pre_encryption_part (), node_xpath = node_xpath )
@@ -603,12 +610,9 @@ def _response(self, in_response_to, consumer_url=None, status=None,
603610 if encrypt_cert is not None and not encrypt_advice :
604611 _ , cert_file = make_temp ("%s" % encrypt_cert , decode = False )
605612 else :
606- tmp_cert_str = "%s" % self .sec .my_cert
607- if "-----BEGIN CERTIFICATE-----" not in tmp_cert_str :
608- tmp_cert_str = "-----BEGIN CERTIFICATE-----\n " + tmp_cert_str
609- if "-----END CERTIFICATE-----" not in tmp_cert_str :
610- tmp_cert_str = tmp_cert_str + "\n -----END CERTIFICATE-----\n "
613+ tmp_cert_str = self .fix_cert_str ("%s" % self .sec .my_cert )
611614 _ , cert_file = make_temp (tmp_cert_str , decode = False )
615+
612616 response = cbxs .encrypt_assertion (response , cert_file ,
613617 pre_encryption_part ())
614618 # template(response.assertion.id))
0 commit comments