7 changes: 4 additions & 3 deletions flask_saml2/idp/idp.py
Expand Up @@ -3,7 +3,8 @@
from flask import Blueprint, current_app, render_template, url_for

from flask_saml2.exceptions import CannotHandleAssertion, UserNotAuthorized
from flask_saml2.signing import Digester, RsaSha1Signer, Sha1Digester, Signer
from flask_saml2.signing import (
Digester, RsaSha256Signer, Sha256Digester, Signer)
from flask_saml2.types import X509, PKey
from flask_saml2.utils import certificate_to_string, import_string

Expand Down Expand Up @@ -34,14 +35,14 @@ class IdentityProvider(Generic[U]):
#:
#: See also: :meth:`get_idp_digester`,
#: :meth:`~.sp.SPHandler.get_sp_digester`.
idp_digester_class: Digester = Sha1Digester
idp_digester_class: Digester = Sha256Digester

#: The specific :class:`signing <~flask_saml2.signing.Signer>` method to
#: use in this IdP when creating responses.
#:
#: See also: :meth:`get_idp_signer`,
#: :meth:`~.sp.SPHandler.get_sp_signer`.
idp_signer_class: Signer = RsaSha1Signer
idp_signer_class: Signer = RsaSha256Signer

# Configuration

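Review bot: Switching `idp_digester_class` and `idp_signer_class` to SHA-256 changes only what this IdP emits; nothing in this section shows whether incoming messages signed or digested with SHA-1 are still accepted, so the verification path should be checked separately if the aim is to retire SHA-1 rather than just stop producing it. Because these are class-level defaults, deployments whose service providers are configured for RSA-SHA1 will start receiving RSA-SHA256 responses after upgrading, and the attribute comments should say so, e.g. `#: Defaults to SHA-256; override with Sha1Digester only for peers that cannot verify SHA-256.` Both attributes also hold a class rather than an instance, so `Type[Digester]` and `Type[Signer]` would be the accurate annotations (assuming `Type` is imported from `typing`). The class body continues outside the hunk.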
7 changes: 4 additions & 3 deletions flask_saml2/sp/sp.py
Expand Up @@ -7,7 +7,8 @@
session, url_for)

from flask_saml2.exceptions import CannotHandleAssertion
from flask_saml2.signing import Digester, RsaSha1Signer, Sha1Digester, Signer
from flask_saml2.signing import (
Digester, RsaSha256Signer, Sha256Digester, Signer)
from flask_saml2.types import X509, PKey
from flask_saml2.utils import certificate_to_string, import_string

Expand Down Expand Up @@ -97,11 +98,11 @@ def get_sp_signer(self) -> Optional[Signer]:
"""Get the signing algorithm used by this SP."""
private_key = self.get_sp_private_key()
if private_key is not None:
return RsaSha1Signer(private_key)
return RsaSha256Signer(private_key)

def get_sp_digester(self) -> Digester:
"""Get the digest algorithm used by this SP."""
return Sha1Digester()
return Sha256Digester()

def should_sign_requests(self) -> bool:
"""
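Review bot: `get_sp_signer` and `get_sp_digester` hard-code `RsaSha256Signer` and `Sha256Digester`, whereas the IdP side in flask_saml2/idp/idp.py exposes `idp_signer_class` / `idp_digester_class` attributes, so an SP that must interoperate with an IdP limited to another algorithm can only do so by overriding both methods. Consider the same attribute pattern here, or at least state the default in the docstrings, e.g. `"""Get the digest algorithm used by this SP (SHA-256; override for peers that need another algorithm)."""`. `get_sp_signer` also falls off the end when there is no private key; an explicit `return None` would match its `Optional[Signer]` annotation.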
2 changes: 1 addition & 1 deletion setup.py
Expand Up @@ -27,7 +27,7 @@
'Flask>=1.0.0',
'signxml>=2.4.0',
'lxml>=3.8.0',
'pyopenssl<18',
'pyopenssl==23.1.1',
'defusedxml>=0.5.0',
'pytz>=0',
'iso8601~=0.1.12',
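Review bot: The exact pin `'pyopenssl==23.1.1'` (taking the second of the two printed pyopenssl lines as the new side) stops anyone installing this library from picking up later pyOpenSSL releases, including security fixes, and will conflict with any other package in the environment that needs a different version. For a library's requirement list a lower bound is the usual form, `'pyopenssl>=23.1.1',`, with an upper bound added only when a known incompatible release exists. If the jump from `<18` is needed by the SHA-256 signer, the commit description should say so; the hunk does not show why this version was chosen.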