Added code to retrieve certificate.

Author: Hans Hörberg

.gitignore

@@ -147,3 +147,5 @@ example/sp/sp_nocert.xml
 example/sp/sp_nocert2.xml
 
 example/sp/test.py
+
+example/sp/sp_conf.py

src/saml2/authn_context/__init__.py

@@ -136,7 +136,7 @@ def _pick_by_class_ref(self, cls_ref, comparision_type="exact"):
                 res = []
 
             for ref in _refs[1:]:
-                item = self.db[ref]
+                item = self.db["info"][ref]
                 res.append((item["method"], ref))
                 if func(_level, item["level"]):
                     _level = item["level"]

src/saml2/server.py

@@ -83,6 +83,11 @@ def __init__(self, config_file="", config=None, cache=None, stype="idp",
         self.iv = os.urandom(16)
         self.lock = threading.Lock()
 
+    def getvalid_certificate_str(self):
+        if self.sec.cert_handler is not None:
+            return self.sec.cert_handler._last_validated_cert
+        return None
+
     def support_AssertionIDRequest(self):
         return True
 

src/saml2/sigver.py

@@ -964,6 +964,7 @@ def __init__(self, security_context, cert_file=None, cert_type="pem", key_file=N
         """
         self._verify_cert = False
         self._generate_cert = False
+        self._last_cert_verified = None #This cert do not have to be valid, it is just the last cert to be validated.
         if cert_type == "pem" and key_type == "pem":
             self._verify_cert = verify_cert is True
             self._security_context = security_context
@@ -993,6 +994,7 @@ def __init__(self, security_context, cert_file=None, cert_type="pem", key_file=N
     def verify_cert(self, cert_file):
         if self._verify_cert:
             cert_str = self._osw.read_str_from_file(cert_file, "pem")
+            self._last_validated_cert = cert_str
             if self._cert_handler_extra_class is not None and self._cert_handler_extra_class.use_validate_cert_func():
                 self._cert_handler_extra_class.validate_cert(cert_str, self._cert_str, self._key_str)
             else: