certificate fix

2017-11-24 17:19:15 +01:00 · 2017-11-24 17:19:15 +01:00 · 6a1b92680b
commit 6a1b92680b
parent 1f37cdf14c
4 changed files with 26 additions and 22 deletions
--- a/rugwebsite/init.py
+++ b/rugwebsite/init.py
@ -1 +1 @@
-__version__ = '0.1.13'
+__version__ = '0.1.14'
--- a/rugwebsite/pycache/urls.cpython-35.pyc
+++ b/rugwebsite/pycache/urls.cpython-35.pyc
--- a/rugwebsite/settings/default.py
+++ b/rugwebsite/settings/default.py
@ -70,7 +70,6 @@ AUTHENTICATION_BACKENDS = [
 ]


-SAML_PROVIDER_METADATA_URL = 'https://tst-idp.id.rug.nl/nidp/saml2/metadata'
 SAML_ROUTE = 'sso/saml/'
 SAML_REDIRECT = '/'
 SAML_USERS_MAP = [{
@ -82,8 +81,7 @@ SAML_USERS_MAP = [{
  }
 }]

-PRIVATE_KEY = """-----BEGIN PRIVATE KEY-----
-MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMqvdxxy/z9IXuxB
+PRIVATE_KEY = """MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMqvdxxy/z9IXuxB
 hHWdJ4XYji21XWybsFYPB2LxKoTB0919oCSj8WsW2aeSUW6DsdLki1tHnqwhTO2D
 5YKyK0PLnF5UZQ6dTrJ7ybgzePAYPhETV+5rdTL9AwW4/wwkHfctidQK3/8ISCgW
 2hEWgaQuqPXZxJPShybKzL1q1WLPAgMBAAECgYBZIAMOXXrjxt0GomCunyZL8sfC
@ -96,11 +94,9 @@ vLgbAkEAhVJae6faue/2YdW1glIUsEOiWKhe14NQPk5PFRcN47B0QJsEC/Kc8c69
 ExdslvbKVrhKG/BLSlSwtdBWKItCHQJAQCIIXmsYyyvU9xYHHVZzUQorq+ulQ0te
 XBzFe03/+CAJLkD8q4bysN80Mt4TVxmWH61+J9e/6cVPPK/CQsdoTQJBANo+44+3
 j3n0K2eq9vDuttHbPB83APXMmjroEnuQF+sv5IK2VQENznoou/GqoflPUZXnzBxc
-dFx3FLksqaZr5IM=
-----END PRIVATE KEY-----"""
+dFx3FLksqaZr5IM="""

-X509 = """-----BEGIN CERTIFICATE-----
-MIIDYDCCAsmgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBzDELMAkGA1UEBhMCbmwx
+X509 = """MIIDYDCCAsmgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBzDELMAkGA1UEBhMCbmwx
 EjAQBgNVBAgMCUdyb25pbmdlbjEgMB4GA1UECgwXVW5pdmVyc2l0eSBvZiBHcm9u
 aW5nZW4xKTAnBgNVBAMMIGNvc21vLnNlcnZpY2UucnVnLm5sL3J1Zy13ZWJzaXRl
 MRIwEAYDVQQHDAlHcm9uaW5nZW4xKDAmBgNVBAsMH1Jlc2VhcmNoIGFuZCBJbm5v
@ -118,11 +114,9 @@ ePcwHwYDVR0jBBgwFoAUZeo8RVZu3DThn3/zFG0F9GY3ePcwDAYDVR0TBAUwAwEB
 /zANBgkqhkiG9w0BAQ0FAAOBgQA05TKxrECfo9riTAkSSJlr4mCO3rcRdeFy6r7w
 84oASZdRsqyZDngQdR9QnMpIxuEt9jwoTe/5le6wq67hZtTKewZc/IhcZvbqxTmi
 UWSCBCsT1tlzm8plg2B8mqS+Sp/b8ouRVaDrHbjXciL+831LmhRy1FJwEYKGwCZE
-i1/B4Q==
-----END CERTIFICATE-----"""
+i1/B4Q=="""

-CSR = """-----BEGIN CERTIFICATE REQUEST-----
-MIICDTCCAXYCAQAwgcwxCzAJBgNVBAYTAm5sMRIwEAYDVQQIDAlHcm9uaW5nZW4x
+CSR = """MIICDTCCAXYCAQAwgcwxCzAJBgNVBAYTAm5sMRIwEAYDVQQIDAlHcm9uaW5nZW4x
 IDAeBgNVBAoMF1VuaXZlcnNpdHkgb2YgR3JvbmluZ2VuMSkwJwYDVQQDDCBjb3Nt
 by5zZXJ2aWNlLnJ1Zy5ubC9ydWctd2Vic2l0ZTESMBAGA1UEBwwJR3JvbmluZ2Vu
 MSgwJgYDVQQLDB9SZXNlYXJjaCBhbmQgSW5ub3ZhdGlvbiBTdXBwb3J0MR4wHAYJ
@ -133,10 +127,12 @@ AwW4/wwkHfctidQK3/8ISCgW2hEWgaQuqPXZxJPShybKzL1q1WLPAgMBAAGgADAN
 BgkqhkiG9w0BAQ0FAAOBgQBClx4glTL7szKmUUFwgRa0LVpZh8b0TknJC3+6TLXo
 I/4Ws3VSl/lTx1LU1ZR0JGvTF6WnrxpuXpyknZ3zRP7Ud5wYjIo7Moqcfr0Fsbpc
 hv4a9zOzY7uuYesrOS5Bzr83BR0rvztlGbPAWnV2KpIODTLoEFTCHo+Ksprpvl18
-Zw==
-----END CERTIFICATE REQUEST-----"""
+Zw=="""
+
+SAML_PROVIDER_METADATA_URL = 'https://tst-idp.id.rug.nl/nidp/saml2/metadata'

 import sys
+from onelogin.saml2.xml_utils import OneLogin_Saml2_XML
 if sys.version_info[0] == 2:
    import urllib  # python 2
 else:
@ -144,7 +140,17 @@ else:
    import urllib.request as urllib  # python 3

 with urllib.urlopen(SAML_PROVIDER_METADATA_URL) as u:
-    RUG_PROVIDER_METADATA = u.read().decode('utf-8')
+    RUG_PROVIDER_METADATA = u.read()
+    RUG_PROVIDER_X509CERT = OneLogin_Saml2_XML.query(
+        OneLogin_Saml2_XML.to_etree(RUG_PROVIDER_METADATA),
+        '/md:EntityDescriptor/ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate'
+    )
+
+    assert len(RUG_PROVIDER_X509CERT) > 0, "Excepted a X509 RUG Provider Certificate"
+    assert len(RUG_PROVIDER_X509CERT) == 1, "Excepted no more than 1 X509 RUG Provider Certificate"
+    RUG_PROVIDER_X509CERT = RUG_PROVIDER_X509CERT[0].text.strip()
+
+

 SAML_PROVIDERS = [{
    "RuG": {
@ -176,7 +182,7 @@ SAML_PROVIDERS = [{
                "url": "https://tst-idp.id.rug.nl/nidp/saml2/spslo",
                "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            },
-            "x509cert": RUG_PROVIDER_METADATA,
+            "x509cert": RUG_PROVIDER_X509CERT,
        },
        "organization": {
            "en-US": {
--- a/rugwebsite/urls.py
+++ b/rugwebsite/urls.py
@ -1,11 +1,9 @@
 from django.conf.urls import include, url
-
-from django.contrib.auth.views import login
-from rugwebsite.views import home
 import django_saml2_pro_auth.urls as saml_urls
+from rugwebsite.views import home
+

 urlpatterns = [
-    url(r'^', include(saml_urls, namespace='saml')),
-    # url(r'^login', login, name='login'),
-    url(r'^$', home),
+    url(r'', include(saml_urls, namespace='saml')),
+    url(r'$', home),
 ]