undo removeal of imports of xmldsig.SIG_RSA_SHA..

rhoerbe · rhoerbe · commit 5886581e5110 · 2014-07-16T09:43:20.000+02:00
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
@@ -55,26 +55,30 @@
 
 from tempfile import NamedTemporaryFile
 from subprocess import Popen, PIPE
+
+from xmldsig import digest_default
+from xmldsig import sig_default
+from xmldsig import SIG_RSA_SHA1
+from xmldsig import SIG_RSA_SHA224
+from xmldsig import SIG_RSA_SHA256
+from xmldsig import SIG_RSA_SHA384
+from xmldsig import SIG_RSA_SHA512
 from xmlenc import EncryptionMethod
 from xmlenc import EncryptedKey
 from xmlenc import CipherData
 from xmlenc import CipherValue
 from xmlenc import EncryptedData
 
+from Crypto.Hash import SHA
+from Crypto.Hash import SHA224
 from Crypto.Hash import SHA256
 from Crypto.Hash import SHA384
 from Crypto.Hash import SHA512
-from Crypto.Hash import SHA
 
 logger = logging.getLogger(__name__)
 
 SIG = "{%s#}%s" % (ds.NAMESPACE, "Signature")
 
-RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
-RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
-RSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
-RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
-
 RSA_1_5 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
 TRIPLE_DES_CBC = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
 XMLTAG = "<?xml version='1.0'?>"
@@ -603,10 +607,11 @@ def verify(self, msg, sig, key):
 
 
 SIGNER_ALGS = {
-    RSA_SHA1: RSASigner(SHA),
-    RSA_SHA256: RSASigner(SHA256),
-    RSA_SHA384: RSASigner(SHA384),
-    RSA_SHA512: RSASigner(SHA512),
+    SIG_RSA_SHA1: RSASigner(SHA),
+    SIG_RSA_SHA224: RSASigner(SHA224),
+    SIG_RSA_SHA256: RSASigner(SHA256),
+    SIG_RSA_SHA384: RSASigner(SHA384),
+    SIG_RSA_SHA512: RSASigner(SHA512),
 }
 
 REQ_ORDER = ["SAMLRequest", "RelayState", "SigAlg"]
@@ -627,7 +632,7 @@ def verify_redirect_signature(saml_msg, cert):
     except KeyError:
         raise Unsupported("Signature algorithm: %s" % saml_msg["SigAlg"])
     else:
-        if saml_msg["SigAlg"][0] == RSA_SHA1:
+        if saml_msg["SigAlg"][0] == SIG_RSA_SHA1:
             if "SAMLRequest" in saml_msg:
                 _order = REQ_ORDER
             elif "SAMLResponse" in saml_msg:
@@ -1679,7 +1684,8 @@ def multiple_signatures(self, statement, to_sign, key=None, key_file=None):
 # ===========================================================================
 
 
-def pre_signature_part(ident, public_key=None, identifier=None):
+def pre_signature_part(ident, public_key=None, identifier=None,
+                       digest_alg=None, sign_alg=None):
     """
     If an assertion is to be signed the signature part has to be preset
     with which algorithms to be used, this function returns such a
@@ -1692,13 +1698,17 @@ def pre_signature_part(ident, public_key=None, identifier=None):
     :return: A preset signature part
     """
 
-    signature_method = ds.SignatureMethod(algorithm=ds.SIG_RSA_SHA1)
+    if not digest_alg:
+        digest_alg=ds.digest_default
+    if not sign_alg:
+        sign_alg=ds.sig_default
+    signature_method = ds.SignatureMethod(algorithm=sign_alg)
     canonicalization_method = ds.CanonicalizationMethod(
         algorithm=ds.ALG_EXC_C14N)
     trans0 = ds.Transform(algorithm=ds.TRANSFORM_ENVELOPED)
     trans1 = ds.Transform(algorithm=ds.ALG_EXC_C14N)
     transforms = ds.Transforms(transform=[trans0, trans1])
-    digest_method = ds.DigestMethod(algorithm=ds.DIGEST_SHA1)
+    digest_method = ds.DigestMethod(algorithm=digest_alg)
 
     reference = ds.Reference(uri="#%s" % ident, digest_value=ds.DigestValue(),
                              transforms=transforms, digest_method=digest_method)
