def __init__(self):
    """Generate a fresh key pair and self-signed certificate for this IdP.

    To increase the security with SAML transactions, we will provide the IdP
    with our public key for an x509 certificate unique to our interactions
    with a particular IdP. This certificate will be regenerated automatically
    by a periodic task every year.

    Sets ``public_key``, ``private_key`` and ``date_expires`` on the
    instance from the newly generated material.
    """
    keys = certificates.create_key_pair()
    signed = certificates.create_self_signed_cert(keys)
    # Only the public half is ever handed to the IdP; the private key is
    # kept for our own signing. NOTE(review): confirm that wherever this
    # instance is persisted, private_key is stored with restricted access.
    self.public_key = certificates.get_public_key(signed)
    self.private_key = certificates.get_private_key(keys)
    self.date_expires = certificates.get_expiration_date(signed)
def create_idp(slug, account, include_certs=False):
    """Build and persist an ``IdentityProvider`` owned by *account*.

    Args:
        slug: Slug for the new provider.
        account: Owning account; its ``name`` is used in the display name.
        include_certs: When true, also generate the service-provider
            certificate via ``create_service_provider_certificate``.

    Returns:
        The saved ``IdentityProvider`` with placeholder (testidp.com) SAML
        endpoints and a freshly generated self-signed IdP certificate.
    """
    provider = IdentityProvider(
        name=f"Azure AD for {account.name}",
        slug=slug,
        owner=account,
    )
    # Saved once up front; the SP certificate is generated against the
    # persisted row when requested.
    provider.save()
    if include_certs:
        provider.create_service_provider_certificate()

    # Placeholder endpoints for the remote IdP.
    for field, url in (
        ("entity_id", "https://testidp.com/saml2/entity_id"),
        ("login_url", "https://testidp.com/saml2/login"),
        ("logout_url", "https://testidp.com/saml2/logout"),
    ):
        setattr(provider, field, url)

    # A throwaway self-signed cert stands in for the IdP's real signing cert;
    # only its public key and expiry are kept on the provider.
    keys = certificates.create_key_pair()
    signed = certificates.create_self_signed_cert(keys)
    provider.idp_cert_public = certificates.get_public_key(signed)
    provider.date_idp_cert_expiration = certificates.get_expiration_date(signed)
    provider.save()
    return provider
def create_idp(account=None, include_certs=False):
    """Build and persist an ``IdentityProvider`` with a generated slug.

    Args:
        account: Owning account; when falsy, ``get_billing_account_for_idp``
            supplies one.
        include_certs: When true, also generate the service-provider
            certificate via ``create_service_provider_certificate``.

    Returns:
        The saved ``IdentityProvider`` with placeholder (testidp.com) SAML
        endpoints and a freshly generated self-signed IdP certificate.
    """
    owner = account or get_billing_account_for_idp()
    # Slug is cut to 20 characters; presumably the field's max length.
    slug = data_gen.arbitrary_unique_name()[:20]

    provider = IdentityProvider(
        name=f"Azure AD for {owner.name}",
        slug=slug,
        owner=owner,
    )
    provider.save()
    if include_certs:
        provider.create_service_provider_certificate()

    # Placeholder endpoints for the remote IdP.
    provider.entity_id = "https://testidp.com/saml2/entity_id"
    provider.login_url = "https://testidp.com/saml2/login"
    provider.logout_url = "https://testidp.com/saml2/logout"

    # A throwaway self-signed cert stands in for the IdP's real signing cert;
    # only its public key and expiry are kept on the provider.
    keys = certificates.create_key_pair()
    signed = certificates.create_self_signed_cert(keys)
    provider.idp_cert_public = certificates.get_public_key(signed)
    provider.date_idp_cert_expiration = certificates.get_expiration_date(signed)
    provider.save()
    return provider
def clean_idp_cert_public(self):
    """Validate an uploaded IdP certificate, or fall back to the stored one.

    Returns:
        A ``(public_key, date_expiration)`` pair: parsed from the uploaded
        file when one was submitted, otherwise taken from ``self.idp``.

    Raises:
        forms.ValidationError: if the upload cannot be parsed as a
            certificate, or if the certificate has already expired.
    """
    # ``is_active`` is read from the raw submission rather than
    # ``cleaned_data``; presumably that field is cleaned after this one.
    is_active = bool(self.data.get('is_active'))
    uploaded = self.cleaned_data['idp_cert_public']

    if not uploaded:
        # Nothing new submitted: keep whatever the IdP already has.
        public_key = self.idp.idp_cert_public
        date_expiration = self.idp.date_idp_cert_expiration
    else:
        try:
            parsed = certificates.get_certificate_from_file(uploaded)
            public_key = certificates.get_public_key(parsed)
            date_expiration = certificates.get_expiration_date(parsed)
        except certificates.crypto.Error:
            # Untrusted upload that the crypto layer rejected; log the
            # detail server-side and give the user a generic message.
            log.exception("Error uploading certificate: bad cert file.")
            raise forms.ValidationError(
                _("File type not accepted. Please ensure you have "
                  "uploaded a Base64 x509 certificate."))
        # Compare in the certificate's own timezone so aware and naive
        # datetimes are never mixed.
        now = datetime.datetime.now(tz=date_expiration.tzinfo)
        if now >= date_expiration:
            raise forms.ValidationError(
                _("This certificate has already expired!"))

    _check_required_when_active(is_active, public_key)
    return public_key, date_expiration