Open
Description
When reading x509 certificates in order to produce metadata, the library assumes that the first and last lines are the begin/end certificate markers, and blindly trims them:
https://github.com/IdentityPython/pysaml2/blob/v5.0.0/src/saml2/metadata.py#L832
If you have a cert with a trailing blank line, this results in the metadata being generated with an invalid certificate.
The cryptography library itself handles leading/trailing data without issue.
Code Version
Latest
Expected Behavior
The library should not produce invalid metadata when presented with a PEM certificate with a trailing new line.
Current Behavior
Invalid metadata
Possible Solution
Load the given PEM data and serialize it back out using the cryptography library. This would also catch any other issues with the certificate data:
cert = x509.load_pem_x509_certificate(pem_data, default_backend())  # parse the PEM input
pem_data = b"".join(cert.public_bytes(serialization.Encoding.PEM).splitlines()[1:-1])  # drop the BEGIN/END marker lines
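The failure mode described in this issue, reproduced as an added example that is not code from the issue or from pysaml2. It uses only the standard library rather than the `cryptography` call proposed above. The helper names are hypothetical, and the sample PEM wraps constructed arbitrary bytes, not a real certificate.

```python
import base64
import binascii
import re

# Constructed sample: arbitrary bytes wrapped in PEM markers, not a real certificate.
SAMPLE_DER = bytes(range(120))
CLEAN_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)
TRAILING_BLANK_PEM = CLEAN_PEM + "\n"  # same file saved with one extra blank line

_CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

def trim_first_and_last_line(pem_text):
    """Hypothetical helper: assumes line 1 and the last line are the markers."""
    return "".join(pem_text.splitlines(keepends=True)[1:-1])

def body_between_markers(pem_text):
    """Hypothetical helper: locate the markers explicitly and validate the body."""
    match = _CERT_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    body = "".join(match.group(1).split())  # drop line breaks and stray whitespace
    base64.b64decode(body, validate=True)   # raises binascii.Error if not base64
    return body

def is_valid_base64(body):
    """True if the text is strict base64 once whitespace is removed."""
    try:
        base64.b64decode("".join(body.split()), validate=True)
        return True
    except binascii.Error:
        return False

if __name__ == "__main__":
    for name, pem in (("clean", CLEAN_PEM), ("trailing blank", TRAILING_BLANK_PEM)):
        print(name, "| trimmed valid:", is_valid_base64(trim_first_and_last_line(pem)),
              "| marker-based valid:", is_valid_base64(body_between_markers(pem)))
```

With the trailing blank line, the line-trimming helper keeps the END marker inside the body, so the result is no longer base64; locating the markers explicitly yields the same body for both inputs.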