|
1 | 1 | """ Functions connected to signing and verifying. |
2 | 2 | Based on the use of xmlsec1 binaries and not the python xmlsec module. |
3 | 3 | """ |
4 | | -from OpenSSL import crypto |
5 | 4 |
|
6 | 5 | import base64 |
7 | 6 | import hashlib |
|
10 | 9 | import os |
11 | 10 | import six |
12 | 11 | from uuid import uuid4 as gen_random_key |
13 | | - |
14 | 12 | from time import mktime |
| 13 | +from tempfile import NamedTemporaryFile |
| 14 | +from subprocess import Popen |
| 15 | +from subprocess import PIPE |
| 16 | +from importlib_resources import path as _resource_path |
| 17 | + |
| 18 | +from OpenSSL import crypto |
| 19 | + |
15 | 20 | import pytz |
16 | 21 |
|
17 | 22 | from six.moves.urllib import parse |
18 | 23 |
|
19 | 24 | import saml2.cryptography.asymmetric |
20 | 25 | import saml2.cryptography.pki |
21 | | - |
22 | | -from tempfile import NamedTemporaryFile |
23 | | -from subprocess import Popen |
24 | | -from subprocess import PIPE |
25 | | - |
| 26 | +import saml2.xmldsig as ds |
26 | 27 | from saml2 import samlp |
27 | 28 | from saml2 import SamlBase |
28 | 29 | from saml2 import SAMLError |
|
31 | 32 | from saml2 import saml |
32 | 33 | from saml2 import ExtensionElement |
33 | 34 | from saml2 import VERSION |
34 | | - |
35 | 35 | from saml2.cert import OpenSSLWrapper |
36 | 36 | from saml2.extension import pefim |
37 | 37 | from saml2.extension.pefim import SPCertEnc |
38 | 38 | from saml2.saml import EncryptedAssertion |
39 | | - |
40 | | -import saml2.xmldsig as ds |
41 | | - |
42 | 39 | from saml2.s_utils import sid |
43 | 40 | from saml2.s_utils import Unsupported |
44 | | - |
45 | 41 | from saml2.time_util import instant |
46 | 42 | from saml2.time_util import str_to_time |
47 | | - |
48 | 43 | from saml2.xmldsig import SIG_RSA_SHA1 |
49 | 44 | from saml2.xmldsig import SIG_RSA_SHA224 |
50 | 45 | from saml2.xmldsig import SIG_RSA_SHA256 |
@@ -1466,7 +1461,7 @@ def _check_signature(self, decoded_xml, item, node_name=NODE_NAME, origdoc=None, |
1466 | 1461 |
|
1467 | 1462 | # saml-core section "5.4 XML Signature Profile" defines constrains on the |
1468 | 1463 | # xmldsig-core facilities. It explicitly dictates that enveloped signatures |
1469 | | - # are the only signatures allowed. This mean that: |
| 1464 | + # are the only signatures allowed. This means that: |
1470 | 1465 | # * Assertion/RequestType/ResponseType elements must have an ID attribute |
1471 | 1466 | # * signatures must have a single Reference element |
1472 | 1467 | # * the Reference element must have a URI attribute |
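Review bot: The added `from importlib_resources import path as _resource_path` (new line 16) is the only import in the first hunk that is not a pure move, and nothing in the visible lines uses `_resource_path` or declares the package as an install requirement. If the name is used elsewhere in this commit, `importlib_resources` needs to be listed in the package's dependencies, otherwise this signing and verification module fails at import time on a clean install; if it is unused, drop the line. A short comment next to it, for example `# backport of importlib.resources; used to locate packaged files`, would explain why a third-party backport is pulled in. That purpose is inferred from the alias only, so confirm it before adding the comment.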
|