Commit f12bb4b0 authored by Martin van Es's avatar Martin van Es

Make key_spec and cert_spec configurable

parent b3e4d8c0
---
test:
signer: test_signer
signer:
name: test_signer
key_spec: meta.key
cert_spec: meta.crt
metadir: metadata/test
foobar:
signer: foobar_signer
signer:
name: hsm_signer
key_spec: pkcs11:///usr/lib/softhsm/libsofthsm2.so/test?pin=secret
metadir: metadata/foobar
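Review bot: The `hsm_signer` entry now carries the token PIN inside `key_spec` (`pkcs11:///usr/lib/softhsm/libsofthsm2.so/test?pin=secret`), which turns this configuration file from a descriptive file into a secret-bearing one. If this is more than an example, the file needs restrictive permissions and should not be committed with a live PIN, or the PIN should be supplied out of band (for instance substituted from the environment at load time) while the URI stays without the `?pin=` query. A comment above the entry, `# key_spec may be a PKCS#11 URI; a pin= query parameter is a credential, so keep this file private`, would make that expectation explicit to whoever edits the config next.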
import xmlsec
cert = "meta.crt"
key = "meta.key"
def _normal_signer(xml, key_spec, cert_spec):
print(f"Normal signer {key_spec} {cert_spec}")
return xmlsec.sign(xml, key_spec=key_spec, cert_spec=cert_spec)
def Signers(signer):
def _normal_signer(xml):
print("Normal signer")
return xmlsec.sign(xml, key_spec=key, cert_spec=cert)
def _test_signer(xml):
print("Test signer")
return xmlsec.sign(xml, key_spec=key, cert_spec=cert)
def _test_signer(xml, key_spec, cert_spec):
print(f"Test signer {key_spec} {cert_spec}")
return xmlsec.sign(xml, key_spec=key_spec, cert_spec=cert_spec)
def _foobar_signer(xml):
print("Foobar signer")
return xmlsec.sign(xml, key_spec=key, cert_spec=cert)
def _hsm_signer(xml):
print("HSM signer")
return xmlsec.sign(xml, key_spec="pkcs11:///usr/lib/softhsm/libsofthsm2.so/test?pin=secret")
def _foobar_signer(xml, key_spec, cert_spec):
print(f"Foobar signer {key_spec} {cert_spec}")
return xmlsec.sign(xml, key_spec=key_spec, cert_spec=cert_spec)
signers = {
'normal_signer': _normal_signer,
'test_signer': _test_signer,
'foobar_signer': _foobar_signer,
'hsm_signer': _hsm_signer
}
return signers[signer]
def _hsm_signer(xml, key_spec, cert_spec):
print(f"HSM signer {key_spec} {cert_spec}")
return xmlsec.sign(xml, key_spec=key_spec, cert_spec=cert_spec)
_signers = {
'normal_signer': _normal_signer,
'test_signer': _test_signer,
'foobar_signer': _foobar_signer,
'hsm_signer': _hsm_signer
}
class Signers():
def __init__(self, signer):
self.name = signer['name']
self.key_spec = signer['key_spec']
self.cert_spec = signer.get('cert_spec', None)
def sign(self, xml):
return _signers[self.name](xml, self.key_spec, self.cert_spec)
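Review bot: The f-string prints added in `_normal_signer`, `_test_signer`, `_foobar_signer` and `_hsm_signer` write the full `key_spec` to stdout, and for the HSM signer that value is a PKCS#11 URI whose query carries the token PIN (`?pin=secret` in the config on this page), so the PIN now lands in process output and in any log that captures it, whereas the old code printed only the signer label. Print the signer label alone, or drop the query part before printing, e.g. `print(f"HSM signer {key_spec.split('?', 1)[0]} {cert_spec}")`, and apply the same to the other three. Separately, `Signers.__init__` stores any `name` but only `sign` resolves it through `_signers[self.name]`, so a misspelled signer in the config surfaces as a bare `KeyError` on the first signing call rather than at startup; a check in `__init__` such as `if self.name not in _signers: raise ValueError(f"unknown signer {self.name!r}")` fails fast with a clearer message.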
......@@ -163,7 +163,7 @@ class Realm:
print(f"sign {sha1}")
valid_until = self.idps[sha1].valid_until
if valid_until > datetime.now(tz.tzutc()):
signed_element = self.signer(self.idps[sha1].md)
signed_element = self.signer.sign(self.idps[sha1].md)
signed_xml = ET.tostring(signed_element,
pretty_print=True).decode()
signed_entity = Entity()
......@@ -208,7 +208,7 @@ class Realm:
root.set('cacheDuration', duration_isoformat(cache_duration))
last_modified = datetime.now(tz.tzutc())
signed_root = self.signer(root)
signed_root = self.signer.sign(root)
data.md = ET.tostring(signed_root, pretty_print=True)
data.valid_until = valid_until
data.last_modified = last_modified