
Commit eb1f177

author
Hans Hörberg
committed
Added encryption support for multiple assertions, advice elements with multiple assertions.
1 parent 1d031a4 commit eb1f177


2 files changed

+39
-30
lines changed


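--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -1,5 +1,6 @@
 import base64
 #from binascii import hexlify
+import copy
 import logging
 from hashlib import sha1
 from Crypto.PublicKey import RSA
@@ -578,41 +579,45 @@ def _response(self, in_response_to, consumer_url=None, status=None,
 cbxs = CryptoBackendXmlSec1(self.config.xmlsec_binary)
 encrypt_advice = False
 if encrypted_advice_attributes and response.assertion.advice is not None \
-and len(response.assertion.advice.assertion) == 1:
-to_sign_advice = []
-if sign_assertion is not None and sign_assertion:
-if response.assertion.advice and response.assertion.advice.assertion:
-for tmp_assertion in response.assertion.advice.assertion:
+and len(response.assertion.advice.assertion) > 0:
+_assertions = response.assertion
+if not isinstance(_assertions, list):
+_assertions = [_assertions]
+for _assertion in _assertions:
+_assertion.advice.encrypted_assertion = []
+_assertion.advice.encrypted_assertion.append(EncryptedAssertion())
+_advice_assertions = copy.deepcopy(_assertion.advice.assertion)
+_assertion.advice.assertion = []
+if not isinstance(_advice_assertions, list):
+_advice_assertions = [_advice_assertions]
+for tmp_assertion in _advice_assertions:
+to_sign_advice = []
+if sign_assertion is not None and sign_assertion:
 tmp_assertion.signature = pre_signature_part(tmp_assertion.id, self.sec.my_cert, 1)
 to_sign_advice.append((class_name(tmp_assertion), tmp_assertion.id))
-tmp_assertion = response.assertion.advice.assertion[0]
-response.assertion.advice.encrypted_assertion = []
-response.assertion.advice.encrypted_assertion.append(EncryptedAssertion())
-if isinstance(tmp_assertion, list):
-response.assertion.advice.encrypted_assertion[0].add_extension_elements(tmp_assertion)
-else:
-response.assertion.advice.encrypted_assertion[0].add_extension_element(tmp_assertion)
-response.assertion.advice.assertion = []
-if encrypt_assertion_self_contained:
-advice_tag = response.assertion.advice._to_element_tree().tag
-assertion_tag = tmp_assertion._to_element_tree().tag
-response = response.\
-get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion(assertion_tag,
-advice_tag)
-node_xpath = ''.join(["/*[local-name()=\"%s\"]" % v for v in
-["Response", "Assertion", "Advice", "EncryptedAssertion", "Assertion"]])
-
-if to_sign_advice:
-response = signed_instance_factory(response, self.sec, to_sign_advice)
-response = self._encrypt_assertion(encrypt_cert_advice, sp_entity_id, response, node_xpath=node_xpath)
-if encrypt_assertion:
-response = response_from_string(response)
+#tmp_assertion = response.assertion.advice.assertion[0]
+_assertion.advice.encrypted_assertion[0].add_extension_element(tmp_assertion)
+
+if encrypt_assertion_self_contained:
+advice_tag = response.assertion.advice._to_element_tree().tag
+assertion_tag = tmp_assertion._to_element_tree().tag
+response = \
+response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion(
+assertion_tag, advice_tag)
+node_xpath = ''.join(["/*[local-name()=\"%s\"]" % v for v in
+["Response", "Assertion", "Advice", "EncryptedAssertion", "Assertion"]])
+
+if to_sign_advice:
+response = signed_instance_factory(response, self.sec, to_sign_advice)
+response = self._encrypt_assertion(encrypt_cert_advice, sp_entity_id, response, node_xpath=node_xpath)
+response = response_from_string(response)
+
 if encrypt_assertion:
 to_sign_assertion = []
 if sign_assertion is not None and sign_assertion:
 _assertions = response.assertion
-if not isinstance(response.assertion, list):
-_assertions = [response.assertion]
+if not isinstance(_assertions, list):
+_assertions = [_assertions]
 for _assertion in _assertions:
 _assertion.signature = pre_signature_part(_assertion.id, self.sec.my_cert, 1)
 to_sign_assertion.append((class_name(_assertion), _assertion.id))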
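--- a/tests/test_50_server.py
+++ b/tests/test_50_server.py
@@ -738,6 +738,8 @@ def test_encrypted_response_1(self):
 encrypt_cert_advice=cert_str_advice,
 )
 
+_resp = "%s" % _resp
+
 sresponse = response_from_string(_resp)
 
 assert sresponse.signature is None
@@ -859,6 +861,8 @@ def test_encrypted_response_5(self):
 encrypted_advice_attributes=True,
 )
 
+_resp = "%s" % _resp
+
 sresponse = response_from_string(_resp)
 
 assert sresponse.signature is None
@@ -1072,4 +1076,4 @@ def test_1(self):
 if __name__ == "__main__":
 ts = TestServer1()
 ts.setup_class()
-ts.test_encrypted_signed_response_4()
+ts.test_encrypted_response_1()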