author | Roland Hedberg <roland.hedberg@adm.umu.se> | 2015-02-28 07:26:23 +0100 |
---|---|---|
committer | Roland Hedberg <roland.hedberg@adm.umu.se> | 2015-02-28 07:26:23 +0100 |
commit | 6828283977544b3a674066f30fa088aef138207e (patch) | |
tree | de9014719a81f2c681d64dbfa1e272f648bf4256 | |
parent | 7b025c619ffd187ededb102143eaf6a6c87ee918 (diff) | |
download | pysaml2-6828283977544b3a674066f30fa088aef138207e.tar.gz |
Usage of a cryptographically suitable RNG. Proposed by Seth Arnold.
-rwxr-xr-x | setup.py | 4 | ||||
-rw-r--r-- | src/saml2/s_utils.py | 24 | ||||
-rw-r--r-- | src/saml2/sigver.py | 21 |
3 files changed, 21 insertions, 28 deletions
@@ -51,8 +51,8 @@ if sys.version_info < (2, 7):
 
 setup(
     name='pysaml2',
-    version='2.3.0',
-    description='Python implementation of SAML Version 2 to be used in a WSGI environment',
+    version='2.4.0beta',
+    description='Python implementation of SAML Version 2',
     # long_description = read("README"),
     author='Roland Hedberg',
     author_email='roland.hedberg@adm.umu.se',
diff --git a/src/saml2/s_utils.py b/src/saml2/s_utils.py
index e17c2b56..5f9fe42d 100644
--- a/src/saml2/s_utils.py
+++ b/src/saml2/s_utils.py
@@ -7,6 +7,7 @@ import time
 import base64
 import sys
 import hmac
+import string
 # from python 2.5
 import imp
 
@@ -154,31 +155,28 @@ def deflate_and_base64_encode(string_val):
     return base64.b64encode(zlib.compress(string_val)[2:-4])
 
 
-def rndstr(size=16):
+def rndstr(size=16, alphabet=""):
     """
     Returns a string of random ascii characters or digits
 
     :param size: The length of the string
     :return: string
     """
-    _basech = string.ascii_letters + string.digits
-    return "".join([random.choice(_basech) for _ in range(size)])
+    rng = random.SystemRandom()
+    if not alphabet:
+        alphabet = string.letters[0:52] + string.digits
+    return str().join(rng.choice(alphabet) for _ in range(size))
 
 
-def sid(seed=""):
-    """The hash of the server time + seed makes an unique SID for each session.
-    128-bits long so it fulfills the SAML2 requirements which states
+def sid():
+    """creates an unique SID for each session.
+    160-bits long so it fulfills the SAML2 requirements which states
     128-160 bits
 
-    :param seed: A seed string
-    :return: The hex version of the digest, prefixed by 'id-' to make it
+    :return: A random string prefix with 'id-' to make it
     compliant with the NCName specification
     """
-    ident = md5()
-    ident.update(repr(time.time()))
-    if seed:
-        ident.update(seed)
-    return "id-" + ident.hexdigest()
+    return "id-" + rndstr(17)
 
 
 def parse_attribute_map(filenames):
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
index e598781b..0f2d1fbb 100644
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -33,7 +33,7 @@ from saml2 import saml
 from saml2 import ExtensionElement
 from saml2 import VERSION
 
-from saml2.s_utils import sid
+from saml2.s_utils import sid, rndstr
 from saml2.s_utils import Unsupported
 
 from saml2.time_util import instant
@@ -322,18 +322,13 @@ def signed_instance_factory(instance, seccont, elements_to_sign=None):
 
 
 # --------------------------------------------------------------------------
-
-
-def create_id():
-    """ Create a string of 40 random characters from the set [a-p],
-    can be used as a unique identifier of objects.
-
-    :return: The string of random characters
-    """
-    ret = ""
-    for _ in range(40):
-        ret += chr(random.randint(0, 15) + ord('a'))
-    return ret
+# def create_id():
+#     """ Create a string of 40 random characters from the set [a-p],
+#     can be used as a unique identifier of objects.
+#
+#     :return: The string of random characters
+#     """
+#     return rndstr(40, "abcdefghijklmonp")
 
 
 def make_temp(string, suffix="", decode=True, delete=True):
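Review bot: `sid()` now returns 17 characters drawn from a 62-symbol alphabet, which is about 101 bits of entropy (17 × log2 62), so the new docstring's `160-bits long` claim and the 128-bit floor it cites are both unmet; `return "id-" + rndstr(27)` reaches roughly 160 bits, and 22 characters would clear 128. In `rndstr`, `string.letters[0:52]` is locale-dependent in Python 2 and does not exist in Python 3, whereas the line it replaces used the locale-independent `string.ascii_letters`; keep `alphabet = string.ascii_letters + string.digits`. The new `alphabet` parameter is undocumented — add `:param alphabet: Characters to draw from; defaults to ASCII letters and digits` to the docstring. Dropping `seed` from `sid()` is an interface change, so any caller still passing it will fail; whether such callers exist cannot be seen from this hunk.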
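Review bot: With `create_id` commented out in this hunk, the `rndstr` name added to the import in the first hunk of this file is unused, and the commented block is dead code that git history already preserves. Either drop the block and revert the import to `from saml2.s_utils import sid`, or keep a live replacement `def create_id(): return rndstr(40, "abcdefghijklmnop")`. If it is kept, note that the alphabet literal `"abcdefghijklmonp"` transposes `n` and `o`; the character set is unchanged, but the order invites misreading.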