Merge pull request #204 from HaToHo/master

Roland Hedberg · Roland Hedberg · commit da91d0885f93 · 2015-04-21T16:50:54.000-07:00
PEFIM fixes
diff --git a/example/idp2/idp.py b/example/idp2/idp.py
@@ -335,6 +335,8 @@ def do(self, query, binding_in, relay_state="", encrypt_cert=None):
                 _resp = IDP.create_authn_response(
                     identity, userid=self.user,
                     encrypt_cert=encrypt_cert,
+                    encrypt_assertion_self_contained=True,
+                    encrypted_advice_attributes=True,
                     **resp_args)
             except Exception as excp:
                 logging.error(exception_trace(excp))
@@ -399,9 +401,9 @@ def redirect(self):
                     return resp(self.environ, self.start_response)
 
             if self.user:
+                saml_msg["req_info"] = self.req_info
                 if _req.force_authn is not None and \
                         _req.force_authn.lower() == 'true':
-                    saml_msg["req_info"] = self.req_info
                     key = self._store_request(saml_msg)
                     return self.not_authn(key, _req.requested_authn_context)
                 else:
@@ -1013,6 +1015,7 @@ def application(environ, start_response):
             if isinstance(callback, tuple):
                 cls = callback[0](environ, start_response, user)
                 func = getattr(cls, callback[1])
+
                 return func()
             return callback(environ, start_response, user)
 
diff --git a/src/saml2/aes.py b/src/saml2/aes.py
@@ -87,7 +87,7 @@ def encrypt(self, msg, iv=None, alg="aes_128_cbc", padding="PKCS#7",
             return cmsg
 
 
-    def decrypt(self, msg, iv=None, padding="PKCS#7", b64dec=True):
+    def decrypt(self, msg, iv=None, alg="aes_128_cbc", padding="PKCS#7", b64dec=True):
         """
         :param key: The encryption key
         :param iv: init vector
@@ -102,7 +102,7 @@ def decrypt(self, msg, iv=None, padding="PKCS#7", b64dec=True):
         _iv = data[:AES.block_size]
         if iv:
             assert iv == _iv
-        cipher, iv = self.build_cipher(iv)
+        cipher, iv = self.build_cipher(iv, alg=alg)
         res = cipher.decrypt(data)[AES.block_size:]
         if padding in ["PKCS#5", "PKCS#7"]:
             res = res[:-ord(res[-1])]
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
@@ -1820,10 +1820,11 @@ def pre_encrypt_assertion(response):
     assertion = response.assertion
     response.assertion = None
     response.encrypted_assertion = EncryptedAssertion()
-    if isinstance(assertion, list):
-        response.encrypted_assertion.add_extension_elements(assertion)
-    else:
-        response.encrypted_assertion.add_extension_element(assertion)
+    if assertion is not None:
+        if isinstance(assertion, list):
+            response.encrypted_assertion.add_extension_elements(assertion)
+        else:
+            response.encrypted_assertion.add_extension_element(assertion)
     # txt = "%s" % response
     # _ass = "%s" % assertion
     # _ass = rm_xmltag(_ass)
