def test_loading_private_key():
    """The same RSA key loaded from a file and from a string behaves identically.

    PKey objects offer no usable equality, so equivalence is established
    indirectly: signers built from the two loaded keys must emit the same
    signature over the same input, while a different key would sign the
    same bytes to a different value.

    NOTE(review): this exercises RsaSha1Signer, i.e. SHA-1 based signatures.
    SHA-1 is a legacy digest for SAML signing; prefer an RSA-SHA256 signer
    wherever the IdP supports it. That choice is independent of the key
    loading covered by this test.
    """
    sign_with_file_key = RsaSha1Signer(private_key_from_file(PRIVATE_KEY_FILE))
    sign_with_string_key = RsaSha1Signer(
        private_key_from_string(X509_PRIVATE_KEY_DATA)
    )

    payload = b'Hello, world!'
    assert sign_with_file_key(payload) == sign_with_string_key(payload)
def test_signing_data_with_private_key():
    """A signer built from the sample key reproduces a known-good signature.

    The expected value was produced out of band with OpenSSL and must be
    regenerated the same way if the sample key ever changes:

        echo -n "Some interesting data."
          | openssl dgst -sha1 -sign tests/keys/sample/sample-private-key.pem
          | base64 --wrap=0

    Pinning a fixed value is only valid because ``openssl dgst -sign``
    produces RSA PKCS#1 v1.5 signatures, which are deterministic; the
    comparison would be meaningless for randomised padding such as PSS.

    NOTE(review): the signature decodes to 64 bytes, which implies a 512-bit
    sample key. That is fine for a fixture but such a key must never be used
    outside the test suite.
    """
    signer = RsaSha1Signer(private_key_from_string(X509_PRIVATE_KEY_DATA))
    payload = b'Some interesting data.'
    known_good = (
        'JYT2mxcW81Iht1HPoTbrQhX/kcOmssFwnuC+6WSbbRTalq1ZqRvrNmOiiny+FOsmrQi0VzVYT/jlJnho2dz4Xw=='
    )
    assert signer(payload) == known_good
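def create_app():
    """Build and configure the Flask application.

    All configuration is read from the environment:

    * ``DATABASE_URL`` (default ``postgresql:///weave``), ``SQLALCHEMY_ECHO``
    * ``BASIC_AUTH_USERNAME`` / ``BASIC_AUTH_PASSWORD``
    * ``SECRET_KEY`` – signs the session cookie; sessions (and therefore
      login) do not work without it, so a missing value is logged at startup
    * ``REACT_APP_TOKEN_EXPIRY_AGE_HOURS`` (default 1)
    * the SAML variables checked in ``_configure_saml``; SAML SSO is wired up
      only when every one of them is set, and a partial set is logged rather
      than silently ignored

    Outside debug mode the session cookie is marked Secure and SameSite=Strict
    and plain-HTTP requests are redirected to HTTPS via SSLify.

    Returns:
        The configured application with all blueprints registered.
    """
    app = NoCacheIndexFlask(
        "server", static_url_path="/static", static_folder="../build/static"
    )
    app.config["SQLALCHEMY_DATABASE_URI"] = os.environ.get(
        "DATABASE_URL", "postgresql:///weave"
    )
    app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
    # Any non-empty value turns on statement echo, which logs every query and
    # its bound parameters; keep it unset outside local development.
    app.config["SQLALCHEMY_ECHO"] = bool(os.environ.get("SQLALCHEMY_ECHO"))
    app.config["BASIC_AUTH_USERNAME"] = os.environ.get("BASIC_AUTH_USERNAME")
    app.config["BASIC_AUTH_PASSWORD"] = os.environ.get("BASIC_AUTH_PASSWORD")
    app.config["SECRET_KEY"] = os.environ.get("SECRET_KEY")
    if not app.config["SECRET_KEY"]:
        # Flask cannot sign the session cookie without a secret key, so every
        # login would fail at request time; surface that once, at startup.
        app.logger.warning(
            "SECRET_KEY is not set; session cookies cannot be signed and login will fail"
        )
    app.config["TOKEN_EXPIRY_AGE_HOURS"] = int(
        os.environ.get("REACT_APP_TOKEN_EXPIRY_AGE_HOURS", 1)
    )
    db.init_app(app)
    login_manager.init_app(app)
    if not app.debug:
        # Production hardening: cookie only over HTTPS, never sent on
        # cross-site requests, and HTTP redirected to HTTPS.
        app.config["SESSION_COOKIE_SAMESITE"] = "Strict"
        app.config["SESSION_COOKIE_SECURE"] = True
        SSLify(app)
    init_admin(app)
    init_email(app)
    app.register_blueprint(views.home)
    app.register_blueprint(views.api)
    app.register_blueprint(cli.blueprint)
    _configure_saml(app)
    return app


def _configure_saml(app):
    """Wire the SAML service provider if, and only if, every SAML variable is set.

    A variable set to the empty string counts as present (only ``None`` is
    treated as missing), matching the previous behaviour. When some but not
    all variables are set, a warning names the missing ones so that a typo in
    one variable does not silently disable SSO.

    Args:
        app: the Flask application to configure.
    """
    required_saml_envvars = {
        "SAML_SP_CERT",
        "SAML_IDP_CERT",
        "SAML_SP_KEY",
        "WEAVE_SERVER_NAME",
        "SAML_ENTITY_ID",
        "SAML_SSO_URL",
    }
    missing = sorted(
        var for var in required_saml_envvars if os.environ.get(var) is None
    )
    if missing:
        if len(missing) < len(required_saml_envvars):
            app.logger.warning(
                "SAML SSO is disabled because these variables are unset: %s",
                ", ".join(missing),
            )
        return

    def pem_from_env(var):
        # PEM blocks are passed through single-line environment values with
        # "|" standing in for newlines; restore them before parsing.
        return os.environ.get(var).replace("|", "\n")

    sp_certificate = certificate_from_string(pem_from_env("SAML_SP_CERT"))
    idp_certificate = certificate_from_string(pem_from_env("SAML_IDP_CERT"))
    private_key = private_key_from_string(pem_from_env("SAML_SP_KEY"))

    app.config["SERVER_NAME"] = os.environ.get("WEAVE_SERVER_NAME")
    app.config["SAML2_SP"] = {
        "certificate": sp_certificate,
        "private_key": private_key,
    }
    app.config["SAML2_IDENTITY_PROVIDERS"] = [
        {
            "CLASS": "server.saml.X509IdPHandler",
            "OPTIONS": {
                "entity_id": os.environ.get("SAML_ENTITY_ID"),
                "sso_url": os.environ.get("SAML_SSO_URL"),
                # No slo_url is configured, so only single sign-on is wired
                # up here; single logout against the IdP is not.
                "certificate": idp_certificate,
            },
        },
    ]
    sp = WeaveServiceProvider()
    app.register_blueprint(sp.create_blueprint(), url_prefix="/saml/")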
        logout_url = url_for('flask_saml2_sp.logout')
        # Logout is rendered as a POST form rather than a plain link,
        # presumably so a cross-site GET cannot trigger it.
        logout = f'<form action="{logout_url}" method="POST"><input type="submit" value="Log out"></form>'
        return message + logout
    else:
        # Logged-out page: send the browser to the SP login endpoint, which
        # forwards to the IdP.
        login_url = url_for('flask_saml2_sp.login')
        return redirect(login_url)


# NOTE(review): debug is off, yet the Flask session secret is a fixed literal.
# Anyone who can read this file can forge the session cookie, and with it
# whatever login state this SP keeps in the session. For anything beyond a
# local demo, load the key from the environment or a secrets store instead.
app.debug = False
app.secret_key = "debuguseonly"
# SERVER_NAME is built from the HTTP host and port; it is presumably what the
# SP uses to form its own URLs (ACS, metadata), so it must match what the IdP
# has been told about this SP.
app.config['SERVER_NAME'] = HTTP_HOSTNAME + ":" + str(HTTP_PORT)
# SP signing credentials (certificate plus private key), parsed from string
# form - likely PEM text, as elsewhere in this corpus.
app.config['SAML2_SP'] = {
    'certificate': certificate_from_string(SP_CERTIFICATE),
    'private_key': private_key_from_string(SP_CERTIFICATE_KEY),
}
# A single IdP; its certificate is presumably what incoming assertions and
# responses are verified against, so it must be the IdP's signing cert.
app.config['SAML2_IDENTITY_PROVIDERS'] = [
    {
        'CLASS': 'flask_saml2.sp.idphandler.IdPHandler',
        'OPTIONS': {
            'display_name': IDP_DISPLAY_NAME,
            'entity_id': IDP_ENTITY_ID,
            'sso_url': IDP_SSO_URL,
            'slo_url': IDP_SLO_URL,
            'certificate': certificate_from_string(IDP_CERTIFICATE),
        },
    },
]
if relay_state is not None: parameters.append(('RelayState', relay_state)) url = parsed.scheme + "://" + parsed.netloc + parsed.path return self._make_idp_request_url(url, parameters) sp = SamblServiceProvider() app = Flask(__name__) app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_host=1, x_proto=1) app.config.from_envvar('SAMBL_SETTINGS') app.config['SAML2_SP'] = { 'certificate': certificate_from_string(app.config["SAML2_SP_CERTIFICATE"]), 'private_key': private_key_from_string(app.config["SAML2_SP_PRIVATE_KEY"]), } app.config['SAML2_IDENTITY_PROVIDERS'] = [ { 'CLASS': 'sambl.SamblIdPHandler', 'OPTIONS': { 'display_name': app.config["SAML2_IDP_DISPLAY_NAME"], 'entity_id': app.config["SAML2_IDP_ENTITY_ID"], 'sso_url': app.config["SAML2_IDP_SSO_URL"], 'slo_url': app.config["SAML2_IDP_SLO_URL"], 'certificate':