Embed the cert in the EncryptedData element

Signed-off-by: Ivan Kanakarakis <[email protected]>

Author: c00kiemon5ter

src/saml2/entity.py

@@ -663,7 +663,10 @@ def _encrypt_assertion(self, encrypt_cert, sp_entity_id, response, node_xpath=No
                     delete_tmpfiles=self.config.delete_tmpfiles,
                 )
                 response = self.sec.encrypt_assertion(
-                    response, tmp.name, pre_encryption_part(), node_xpath=node_xpath
+                    response,
+                    tmp.name,
+                    pre_encryption_part(encrypt_cert=unwrapped_cert),
+                    node_xpath=node_xpath,
                 )
                 return response
             except Exception as ex:

src/saml2/sigver.py

@@ -1882,24 +1882,28 @@ def pre_signature_part(
 
 
 def pre_encryption_part(
+    *,
     msg_enc=TRIPLE_DES_CBC,
     key_enc=RSA_OAEP_MGF1P,
     key_name='my-rsa-key',
     encrypted_key_id=None,
     encrypted_data_id=None,
+    encrypt_cert=None,
 ):
-    """
-
-    :param msg_enc:
-    :param key_enc:
-    :param key_name:
-    :return:
-    """
     ek_id = encrypted_key_id or "EK_{id}".format(id=gen_random_key())
     ed_id = encrypted_data_id or "ED_{id}".format(id=gen_random_key())
     msg_encryption_method = EncryptionMethod(algorithm=msg_enc)
     key_encryption_method = EncryptionMethod(algorithm=key_enc)
-    key_info = ds.KeyInfo(key_name=ds.KeyName(text=key_name))
+
+    x509_data = (
+        ds.X509Data(x509_certificate=ds.X509Certificate(text=encrypt_cert))
+        if encrypt_cert
+        else None
+    )
+    key_info = ds.KeyInfo(
+        key_name=ds.KeyName(text=key_name),
+        x509_data=x509_data,
+    )
 
     encrypted_key = EncryptedKey(
         id=ek_id,