Disabled xmlsec algs as configurable configuration paramenter

peppelinux · peppelinux · commit 86da6510b86b · 2019-08-01T13:59:21.000+02:00
diff --git a/src/saml2/algsupport.py b/src/saml2/algsupport.py
@@ -6,7 +6,7 @@
 __author__ = 'roland'
 
 DIGEST_METHODS = {
-    #"hmac-md5": 'http://www.w3.org/2001/04/xmldsig-more#md5', # test framework only!
+    "hmac-md5": 'http://www.w3.org/2001/04/xmldsig-more#md5', # test framework only!
     "hmac-sha1": 'http://www.w3.org/2000/09/xmldsig#sha1',
     "hmac-sha224": 'http://www.w3.org/2001/04/xmldsig-more#sha224',
     "hmac-sha256": 'http://www.w3.org/2001/04/xmlenc#sha256',
@@ -16,7 +16,7 @@
 }
 
 SIGNING_METHODS = {
-    #"rsa-md5": 'http://www.w3.org/2001/04/xmldsig-more#rsa-md5',
+    "rsa-md5": 'http://www.w3.org/2001/04/xmldsig-more#rsa-md5',
     "rsa-ripemd160": 'http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160',
     "rsa-sha1": 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
     "rsa-sha224": 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha224',
diff --git a/src/saml2/config.py b/src/saml2/config.py
@@ -30,6 +30,7 @@
 COMMON_ARGS = [
     "debug",
     "entityid",
+    "xmlsec_disabled_algs",
     "xmlsec_binary",
     "key_file",
     "cert_file",
@@ -189,6 +190,7 @@ class Config(object):
     def __init__(self, homedir="."):
         self._homedir = homedir
         self.entityid = None
+        self.xmlsec_disabled_algs = []
         self.xmlsec_binary = None
         self.xmlsec_path = []
         self.debug = False
diff --git a/src/saml2/metadata.py b/src/saml2/metadata.py
@@ -735,6 +735,8 @@ def entity_descriptor(confd):
         _add_attr_to_entity_attributes(entd.extensions, attr)
 
     for item in algorithm_support_in_metadata(confd.xmlsec_binary):
+        if item.algorithm in confd.__dict__.get('xmlsec_disabled_algs'):
+            continue
         if not entd.extensions:
             entd.extensions = md.Extensions()
         entd.extensions.add_extension_element(item)
