Пример #1
    def __init__(self):
        """Generate a new key pair and self-signed x509 certificate.

        The public key read from the certificate, the private key read from
        the key pair, and the certificate's expiration date are stored on
        the instance.

        Per the original author's note, the public key is what we hand to
        the IdP to harden SAML transactions, the certificate is unique to
        our interactions with one particular IdP, and a periodic task
        regenerates it every year (that task is not part of this block).

        NOTE(review): ``private_key`` lives on the instance next to the
        public material. How it is persisted is not visible here; confirm
        it is stored protected and kept out of logs and of anything
        exported to the IdP.
        """
        sp_key_pair = certificates.create_key_pair()
        sp_cert = certificates.create_self_signed_cert(sp_key_pair)

        # Only the public half is meant to be shared with the IdP.
        self.public_key = certificates.get_public_key(sp_cert)
        self.private_key = certificates.get_private_key(sp_key_pair)
        self.date_expires = certificates.get_expiration_date(sp_cert)
Пример #2
def create_idp(slug, account, include_certs=False):
    """Create and save an ``IdentityProvider`` owned by ``account``.

    Args:
        slug: slug assigned to the new identity provider.
        account: owner of the identity provider; its ``name`` is used in
            the provider's display name.
        include_certs: when true, also create the service provider
            certificate and fill in placeholder IdP SAML endpoints plus a
            freshly generated self-signed IdP certificate, then save again.

    Returns:
        The saved ``IdentityProvider``.

    NOTE(review): the endpoints are fixed placeholder URLs and the IdP
    certificate is generated on the spot, which looks like fixture data
    rather than real IdP metadata. The key pair behind ``idp_cert_public``
    is a local that is never stored or returned, so nothing created here
    can later sign data that verifies against that certificate.
    """
    provider = IdentityProvider(
        name=f"Azure AD for {account.name}",
        slug=slug,
        owner=account,
    )
    provider.save()
    if not include_certs:
        return provider

    provider.create_service_provider_certificate()
    provider.entity_id = "https://testidp.com/saml2/entity_id"
    provider.login_url = "https://testidp.com/saml2/login"
    provider.logout_url = "https://testidp.com/saml2/logout"

    # Stand-in IdP certificate: only its public key and expiry are kept.
    idp_key_pair = certificates.create_key_pair()
    idp_cert = certificates.create_self_signed_cert(idp_key_pair)
    provider.idp_cert_public = certificates.get_public_key(idp_cert)
    provider.date_idp_cert_expiration = certificates.get_expiration_date(
        idp_cert
    )
    provider.save()
    return provider
Пример #3
def create_idp(account=None, include_certs=False):
    """Create and save an ``IdentityProvider`` with a generated slug.

    Args:
        account: owner of the identity provider. When falsy, one is
            obtained from ``get_billing_account_for_idp()``.
        include_certs: when true, also create the service provider
            certificate and fill in placeholder IdP SAML endpoints plus a
            freshly generated self-signed IdP certificate, then save again.

    Returns:
        The saved ``IdentityProvider``.

    NOTE(review): the endpoints are fixed placeholder URLs and the IdP
    certificate is generated on the spot, which looks like fixture data
    rather than real IdP metadata. The key pair behind ``idp_cert_public``
    is a local that is never stored or returned.
    """
    account = account or get_billing_account_for_idp()
    # The generated name is cut to its first 20 characters for the slug.
    generated_slug = data_gen.arbitrary_unique_name()[:20]
    provider = IdentityProvider(
        name=f"Azure AD for {account.name}",
        slug=generated_slug,
        owner=account,
    )
    provider.save()
    if not include_certs:
        return provider

    provider.create_service_provider_certificate()
    provider.entity_id = "https://testidp.com/saml2/entity_id"
    provider.login_url = "https://testidp.com/saml2/login"
    provider.logout_url = "https://testidp.com/saml2/logout"

    # Stand-in IdP certificate: only its public key and expiry are kept.
    idp_key_pair = certificates.create_key_pair()
    idp_cert = certificates.create_self_signed_cert(idp_key_pair)
    provider.idp_cert_public = certificates.get_public_key(idp_cert)
    provider.date_idp_cert_expiration = certificates.get_expiration_date(
        idp_cert
    )
    provider.save()
    return provider
Пример #4
    def clean_idp_cert_public(self):
        """Validate the uploaded IdP certificate, or reuse the stored one.

        If a file was uploaded, it is parsed as a certificate, its public
        key and expiration date are read, and a certificate whose
        expiration is not in the future is rejected. With no upload, the
        values already stored on ``self.idp`` are used unchanged.

        Returns:
            A ``(public_key, date_expiration)`` tuple.

        Raises:
            forms.ValidationError: if the upload cannot be parsed as a
                certificate or the certificate has already expired.
                ``_check_required_when_active`` is also called; what it
                raises is not visible in this block.

        NOTE(review): expiry is the only property checked on the upload.
        The stored certificate is not re-checked for expiry on the
        no-upload path. Only ``certificates.crypto.Error`` is turned into
        a validation error, so confirm no other exception type can escape
        the parser on malformed input.
        """
        is_active = bool(self.data.get('is_active'))
        uploaded_cert = self.cleaned_data['idp_cert_public']

        if not uploaded_cert:
            # Nothing uploaded: keep what is already stored on the IdP.
            public_key = self.idp.idp_cert_public
            date_expiration = self.idp.date_idp_cert_expiration
        else:
            try:
                parsed = certificates.get_certificate_from_file(uploaded_cert)
                public_key = certificates.get_public_key(parsed)
                date_expiration = certificates.get_expiration_date(parsed)
            except certificates.crypto.Error:
                log.exception("Error uploading certificate: bad cert file.")
                raise forms.ValidationError(
                    _("File type not accepted. Please ensure you have "
                      "uploaded a Base64 x509 certificate."))

            # Compare in the same timezone the expiration date carries.
            current_time = datetime.datetime.now(tz=date_expiration.tzinfo)
            if date_expiration <= current_time:
                raise forms.ValidationError(
                    _("This certificate has already expired!"))

        _check_required_when_active(is_active, public_key)
        return public_key, date_expiration