示例#1
def test_loading_private_key():
    """Check that the file loader and the string loader yield the same key.

    The key is loaded once with ``private_key_from_file`` and once with
    ``private_key_from_string``; each result is wrapped in an
    ``RsaSha1Signer`` and both signers must produce the same output for the
    same input.
    """
    payload = b'Hello, world!'

    file_signer = RsaSha1Signer(private_key_from_file(PRIVATE_KEY_FILE))
    string_signer = RsaSha1Signer(private_key_from_string(X509_PRIVATE_KEY_DATA))

    # PKey objects apparently cannot be compared directly, so equality of the
    # keys is established through their signatures: one key gives one
    # signature for a given input, two different keys give two different
    # signatures. This relies on the signing scheme being deterministic.
    # NOTE(review): SHA-1 based signatures are deprecated; this covers the
    # RSA-SHA1 signer only -- confirm which digest production SAML traffic uses.
    assert file_signer(payload) == string_signer(payload)
示例#2
def test_signing_data_with_private_key():
    """Pin the RSA-SHA1 signature of a fixed message to a known-good value."""
    signer = RsaSha1Signer(private_key_from_string(X509_PRIVATE_KEY_DATA))

    # Reference value computed ahead of time and cross-checked with openssl:
    #
    #   echo -n "Some interesting data." \
    #   | openssl dgst -sha1 -sign tests/keys/sample/sample-private-key.pem \
    #   | base64 --wrap=0
    #
    # NOTE(review): the value decodes to 64 bytes, which suggests the sample
    # key is a 512-bit RSA key -- usable as a test fixture only, never as a
    # real service-provider key.
    known_signature = 'JYT2mxcW81Iht1HPoTbrQhX/kcOmssFwnuC+6WSbbRTalq1ZqRvrNmOiiny+FOsmrQi0VzVYT/jlJnho2dz4Xw=='

    message = b'Some interesting data.'
    assert signer(message) == known_signature
示例#3
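def create_app():
    """Build and configure the application from environment variables.

    Database, basic-auth, session and token-expiry settings are read from the
    environment, the extensions and blueprints are registered, and SAML
    single sign-on is wired up only when every variable listed in
    ``required_saml_envvars`` is present.

    Two misconfigurations that previously passed silently are now logged:
    a missing ``SECRET_KEY`` and a partially supplied SAML configuration.
    Neither changes what the function returns.

    Returns:
        The configured application object.
    """
    env = os.environ

    def _pem_from_env(name):
        # The PEM text is stored with "|" in place of line breaks so that it
        # fits in a single-line environment variable; restore the newlines.
        return env.get(name).replace("|", "\n")

    app = NoCacheIndexFlask(
        "server", static_url_path="/static", static_folder="../build/static"
    )

    app.config["SQLALCHEMY_DATABASE_URI"] = env.get(
        "DATABASE_URL", "postgresql:///weave"
    )
    app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
    # Any non-empty value (including "0" or "false") turns statement echo on.
    # NOTE(review): echoed SQL can carry user data into logs -- keep this
    # unset outside of debugging.
    app.config["SQLALCHEMY_ECHO"] = bool(env.get("SQLALCHEMY_ECHO"))
    # NOTE(review): both values are None when the variables are unset;
    # confirm that the admin setup denies access in that case.
    app.config["BASIC_AUTH_USERNAME"] = env.get("BASIC_AUTH_USERNAME")
    app.config["BASIC_AUTH_PASSWORD"] = env.get("BASIC_AUTH_PASSWORD")
    app.config["SECRET_KEY"] = env.get("SECRET_KEY")
    if not app.config["SECRET_KEY"]:
        # Without a secret key the session cannot be signed, and the failure
        # would otherwise only surface on the first request that touches it.
        app.logger.warning(
            "SECRET_KEY is not set; session cookies cannot be signed"
        )

    app.config["TOKEN_EXPIRY_AGE_HOURS"] = int(
        env.get("REACT_APP_TOKEN_EXPIRY_AGE_HOURS", 1)
    )

    db.init_app(app)
    login_manager.init_app(app)

    if not app.debug:
        # Outside debug mode: cookies are sent over HTTPS only and never on
        # cross-site requests, and SSLify is applied to the app.
        app.config["SESSION_COOKIE_SAMESITE"] = "Strict"
        app.config["SESSION_COOKIE_SECURE"] = True
        SSLify(app)

    init_admin(app)
    init_email(app)

    app.register_blueprint(views.home)
    app.register_blueprint(views.api)
    app.register_blueprint(cli.blueprint)

    required_saml_envvars = {
        "SAML_SP_CERT",
        "SAML_IDP_CERT",
        "SAML_SP_KEY",
        "WEAVE_SERVER_NAME",
        "SAML_ENTITY_ID",
        "SAML_SSO_URL",
    }
    missing_saml_envvars = sorted(
        var for var in required_saml_envvars if env.get(var) is None
    )

    if not missing_saml_envvars:
        sp_certificate = certificate_from_string(_pem_from_env("SAML_SP_CERT"))
        idp_certificate = certificate_from_string(_pem_from_env("SAML_IDP_CERT"))
        # NOTE(review): the service provider's private key lives in the
        # process environment; restrict who can read that environment.
        sp_private_key = private_key_from_string(_pem_from_env("SAML_SP_KEY"))

        app.config["SERVER_NAME"] = env.get("WEAVE_SERVER_NAME")

        app.config["SAML2_SP"] = {
            "certificate": sp_certificate,
            "private_key": sp_private_key,
        }

        app.config["SAML2_IDENTITY_PROVIDERS"] = [
            {
                "CLASS": "server.saml.X509IdPHandler",
                "OPTIONS": {
                    # "display_name": "keycloak",
                    "entity_id": env.get("SAML_ENTITY_ID"),
                    "sso_url": env.get("SAML_SSO_URL"),
                    # "slo_url": "http://localhost:8080/auth/realms/master/protocol/saml",
                    "certificate": idp_certificate,
                },
            },
        ]

        sp = WeaveServiceProvider()
        app.register_blueprint(sp.create_blueprint(), url_prefix="/saml/")
    elif len(missing_saml_envvars) < len(required_saml_envvars):
        # Some, but not all, SAML variables are present: SSO stays disabled
        # as before, but say so. Only variable names are logged, never values.
        app.logger.warning(
            "SAML single sign-on is disabled; missing environment variables: %s",
            ", ".join(missing_saml_envvars),
        )

    return app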
        logout_url = url_for('flask_saml2_sp.logout')
        logout = f'<form action="{logout_url}" method="POST"><input type="submit" value="Log out"></form>'

        return message + logout
    else:
        #logged out page, redirect to idp
        login_url = url_for('flask_saml2_sp.login')
        return redirect(login_url)


# Example service-provider configuration, applied at import time.
app.debug = False
# NOTE(review): this session signing key is hard-coded. As its value says, it
# is for debugging only; a deployed app needs a random secret loaded from
# outside the source tree, because a known key lets session cookies be forged.
app.secret_key = "debuguseonly"
app.config['SERVER_NAME'] = ":".join((HTTP_HOSTNAME, str(HTTP_PORT)))

# This service provider's own certificate and the private key that goes with it.
app.config['SAML2_SP'] = dict(
    certificate=certificate_from_string(SP_CERTIFICATE),
    private_key=private_key_from_string(SP_CERTIFICATE_KEY),
)

# The single identity provider this app is configured with, including the
# certificate parsed from IDP_CERTIFICATE.
app.config['SAML2_IDENTITY_PROVIDERS'] = [
    dict(
        CLASS='flask_saml2.sp.idphandler.IdPHandler',
        OPTIONS=dict(
            display_name=IDP_DISPLAY_NAME,
            entity_id=IDP_ENTITY_ID,
            sso_url=IDP_SSO_URL,
            slo_url=IDP_SLO_URL,
            certificate=certificate_from_string(IDP_CERTIFICATE),
        ),
    ),
]
示例#5
文件: sambl.py 项目: XDjackieXD/SAMBL
        if relay_state is not None:
            parameters.append(('RelayState', relay_state))

        url = parsed.scheme + "://" + parsed.netloc + parsed.path
        return self._make_idp_request_url(url, parameters)


# Module-level wiring: the service provider object and the Flask app.
sp = SamblServiceProvider()

app = Flask(__name__)
# Trust exactly one proxy hop for X-Forwarded-For, -Host and -Proto.
# NOTE(review): this is only sound when the app is reachable solely through
# that proxy; reached directly, a client can supply these headers itself.
# Host and scheme presumably feed the URLs this SP generates -- confirm.
app.wsgi_app = ProxyFix(
    app.wsgi_app,
    x_for=1,
    x_host=1,
    x_proto=1,
)
# Settings are loaded from the file named by the SAMBL_SETTINGS environment
# variable. That file holds the SP private key read below, so it should be
# readable only by the account running the service.
app.config.from_envvar('SAMBL_SETTINGS')

# Parse the PEM strings from the settings into the objects stored under
# SAML2_SP.
app.config['SAML2_SP'] = dict(
    certificate=certificate_from_string(app.config["SAML2_SP_CERTIFICATE"]),
    private_key=private_key_from_string(app.config["SAML2_SP_PRIVATE_KEY"]),
)

app.config['SAML2_IDENTITY_PROVIDERS'] = [
    {
        'CLASS': 'sambl.SamblIdPHandler',
        'OPTIONS': {
            'display_name':
            app.config["SAML2_IDP_DISPLAY_NAME"],
            'entity_id':
            app.config["SAML2_IDP_ENTITY_ID"],
            'sso_url':
            app.config["SAML2_IDP_SSO_URL"],
            'slo_url':
            app.config["SAML2_IDP_SLO_URL"],
            'certificate':