コード例 #1
0
    def __init__(self):
        """
        To increase the security with SAML transactions, we will provide the IdP
        with our public key for an x509 certificate unique to our interactions with
        a particular IdP. This certificate will be regenerated automatically by
        a periodic task every year.
        """
        key_pair = certificates.create_key_pair()
        cert = certificates.create_self_signed_cert(key_pair)

        self.public_key = certificates.get_public_key(cert)
        self.private_key = certificates.get_private_key(key_pair)
        self.date_expires = certificates.get_expiration_date(cert)
コード例 #2
0
def create_idp(slug, account, include_certs=False):
    idp = IdentityProvider(
        name=f"Azure AD for {account.name}",
        slug=slug,
        owner=account,
    )
    idp.save()
    if include_certs:
        idp.create_service_provider_certificate()
        idp.entity_id = "https://testidp.com/saml2/entity_id"
        idp.login_url = "https://testidp.com/saml2/login"
        idp.logout_url = "https://testidp.com/saml2/logout"
        key_pair = certificates.create_key_pair()
        cert = certificates.create_self_signed_cert(key_pair)
        idp.idp_cert_public = certificates.get_public_key(cert)
        idp.date_idp_cert_expiration = certificates.get_expiration_date(cert)
        idp.save()
    return idp
コード例 #3
0
ファイル: generator.py プロジェクト: challabeehyv/commcare-hq 
def create_idp(account=None, include_certs=False):
    if not account:
        account = get_billing_account_for_idp()
    idp_slug = data_gen.arbitrary_unique_name()[:20]
    idp = IdentityProvider(name=f"Azure AD for {account.name}",
                           slug=idp_slug,
                           owner=account)
    idp.save()
    if include_certs:
        idp.create_service_provider_certificate()
        idp.entity_id = "https://testidp.com/saml2/entity_id"
        idp.login_url = "https://testidp.com/saml2/login"
        idp.logout_url = "https://testidp.com/saml2/logout"
        key_pair = certificates.create_key_pair()
        cert = certificates.create_self_signed_cert(key_pair)
        idp.idp_cert_public = certificates.get_public_key(cert)
        idp.date_idp_cert_expiration = certificates.get_expiration_date(cert)
        idp.save()
    return idp
コード例 #4
0
ファイル: forms.py プロジェクト: soitun/commcare-hq 
    def clean_idp_cert_public(self):
        is_active = bool(self.data.get('is_active'))
        idp_cert_file = self.cleaned_data['idp_cert_public']
        if idp_cert_file:
            try:
                cert = certificates.get_certificate_from_file(idp_cert_file)
                public_key = certificates.get_public_key(cert)
                date_expiration = certificates.get_expiration_date(cert)
            except certificates.crypto.Error:
                log.exception("Error uploading certificate: bad cert file.")
                raise forms.ValidationError(
                    _("File type not accepted. Please ensure you have "
                      "uploaded a Base64 x509 certificate."))
            if date_expiration <= datetime.datetime.now(
                    tz=date_expiration.tzinfo):
                raise forms.ValidationError(
                    _("This certificate has already expired!"))
        else:
            public_key = self.idp.idp_cert_public
            date_expiration = self.idp.date_idp_cert_expiration

        _check_required_when_active(is_active, public_key)
        return public_key, date_expiration