[settings] add SIGNATURE to the key name for SAML public and private key settings

The presence of the SIGNATURE word in the key name will prevent the private key to be shown in the debug pages. It prevents the accidental publishing of your private key on the web.
2011-03-30 12:35:31 +02:00 · 2011-03-30 12:35:31 +02:00 · c95c3ddfb1
parent 2a68b7ac2c
commit c95c3ddfb1
5 changed files with 8 additions and 8 deletions
--- a/authentic2/authsaml2/README
+++ b/authentic2/authsaml2/README
@ -1,6 +1,6 @@
 = Add to settings =

-SAML_PRIVATE_KEY = *your_key*
+SAML_SIGNATURE_PRIVATE_KEY = *your_key*
 INSTALLED_APPS += ('*project*.authsaml2', '*project*.authsaml2.saml',)
 AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
--- a/authentic2/authsaml2/saml2_endpoints.py
+++ b/authentic2/authsaml2/saml2_endpoints.py
@ -55,7 +55,7 @@ metadata_map = (
            lasso.SAML2_METADATA_BINDING_REDIRECT ,
            '/manageNameId', '/manageNameIdReturn'),
 )
-metadata_options = { 'key': settings.SAML_SIGNING_KEY }
+metadata_options = { 'key': settings.SAML_SIGNATURE_PUBLIC_KEY }

 def metadata(request):
    '''Endpoint to retrieve the metadata file'''
--- a/authentic2/idp/saml/saml2_endpoints.py
+++ b/authentic2/idp/saml/saml2_endpoints.py
@ -55,7 +55,7 @@ metadata_map = (
        (saml2utils.Saml2Metadata.SINGLE_LOGOUT_SERVICE, soap_bindings, '/slo/soap'),
        (saml2utils.Saml2Metadata.ARTIFACT_RESOLUTION_SERVICE, lasso.SAML2_METADATA_BINDING_SOAP, '/artifact')
 )
-metadata_options = { 'key': settings.SAML_SIGNING_KEY }
+metadata_options = { 'key': settings.SAML_SIGNATURE_PUBLIC_KEY }

 def metadata(request):
    '''Endpoint to retrieve the metadata file'''
--- a/authentic2/saml/common.py
+++ b/authentic2/saml/common.py
@ -90,7 +90,7 @@ def create_saml2_server(request, metadata, idp_map=None, sp_map=None, options={}
    '''Create a lasso Server object for using with a profile'''
    server = lasso.Server.newFromBuffers(get_saml2_metadata(request, metadata,
        idp_map=idp_map, sp_map=sp_map, options=options),
-        settings.SAML_PRIVATE_KEY)
+        settings.SAML_SIGNATURE_PRIVATE_KEY)
    if not server:
        raise Exception('Cannot create LassoServer object')
    return server
@ -174,13 +174,13 @@ def get_idff12_metadata(request, metadata):
            'SoapEndpoint': '/soap',
            'SingleSignOn': (('/sso',), sso_protocol_profiles)
          }
-    options = { 'key': settings.SAML_SIGNING_KEY }
+    options = { 'key': settings.SAML_SIGNATURE_PUBLIC_KEY }
    metagen.add_idp_descriptor(map, options)
    return str(metagen)

 def create_idff12_server(request, metadata):
    server = lasso.Server.newFromBuffers(get_idff12_metadata(request,
-        metadata), settings.SAML_PRIVATE_KEY)
+        metadata), settings.SAML_SIGNATURE_PRIVATE_KEY)
    if not server:
        raise Exception('Cannot create LassoServer object')
    return server
--- a/authentic2/settings.py
+++ b/authentic2/settings.py
@ -179,7 +179,7 @@ IDP_BACKENDS = [ ]
 IDP_SAML2 = True

 # You MUST changes these keys, they are just for testing !
-SAML_SIGNING_KEY = '''-----BEGIN CERTIFICATE-----
+SAML_SIGNATURE_PUBLIC_KEY = '''-----BEGIN CERTIFICATE-----
 MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
 BAoTCkVudHJvdXZlcnQwHhcNMTAxMjE0MTUzMzAyWhcNMTEwMTEzMTUzMzAyWjAV
 MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
@ -199,7 +199,7 @@ JumlBc6IViKhJeo1wiBBrVRIIkKKevHKQzteK8pWm9CYWculxT26TZ4VWzGbo06j
 o2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy
 -----END CERTIFICATE-----'''

-SAML_PRIVATE_KEY = '''-----BEGIN RSA PRIVATE KEY-----
+SAML_SIGNATURE_PRIVATE_KEY = '''-----BEGIN RSA PRIVATE KEY-----
 MIIEpAIBAAKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZ
 n9Kqm4Cp06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrU
 H8QT8NGhABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59x