Allow signature verification even on local files.

Roland Hedberg · Roland Hedberg · commit 041aa27dcdb7 · 2014-06-18T13:21:43.000+02:00
diff --git a/src/saml2/mdstore.py b/src/saml2/mdstore.py
@@ -107,12 +107,12 @@ def repack_cert(cert):
 
 class MetaData(object):
     def __init__(self, onts, attrc, metadata="", node_name=None,
-                 check_validity=True, **kwargs):
+                 check_validity=True, security=None, **kwargs):
         self.onts = onts
         self.attrc = attrc
         self.entity = {}
         self.metadata = metadata
-        self.security = None
+        self.security = security
         self.node_name = node_name
         self.entities_descr = None
         self.entity_descr = None
@@ -412,11 +412,13 @@ class MetaDataLoader(MetaDataFile):
     Handles Metadata file loaded by a passed in function.
     The format of the file is the SAML Metadata format.
     """
-    def __init__(self, onts, attrc, loader_callable, cert=None, **kwargs):
+    def __init__(self, onts, attrc, loader_callable, cert=None,
+                 security=None, **kwargs):
         MetaData.__init__(self, onts, attrc, **kwargs)
         self.metadata_provider_callable = self.get_metadata_loader(
             loader_callable)
         self.cert = cert
+        self.security = security
 
     @staticmethod
     def get_metadata_loader(func):
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
@@ -1119,11 +1119,11 @@ def __init__(self, security_context, cert_file=None, cert_type="pem",
             self._verify_cert = verify_cert is True
             self._security_context = security_context
             self._osw = OpenSSLWrapper()
-            if key_file is not None and os.path.isfile(key_file):
+            if key_file and os.path.isfile(key_file):
                 self._key_str = self._osw.read_str_from_file(key_file, key_type)
             else:
                 self._key_str = ""
-            if cert_file is not None:
+            if cert_file and os.path.isfile(key_file):
                 self._cert_str = self._osw.read_str_from_file(cert_file,
                                                               cert_type)
             else:
diff --git a/tools/verify_metadata.py b/tools/verify_metadata.py
@@ -61,7 +61,13 @@
     kwargs = {}
 
 if args.type == "local":
-    metad = MetaDataFile(ONTS.values(), args.item, args.item, **kwargs)
+    if args.cert and args.xmlsec:
+        crypto = _get_xmlsec_cryptobackend(args.xmlsec)
+        sc = SecurityContext(crypto)
+        metad = MetaDataFile(ONTS.values(), args.item, args.item,
+                             cert=args.cert, security=sc, **kwargs)
+    else:
+        metad = MetaDataFile(ONTS.values(), args.item, args.item, **kwargs)
 elif args.type == "external":
     ATTRCONV = ac_factory(args.attrsmap)
     httpc = HTTPBase()
