
Commit 93846e1

committed
Fixed xmlsec temporary files deletions.
PYSAML2_KEEP_XMLSEC_TMP replaced with PYSAML2_DELETE_XMLSEC_TMP; the latter is True by default. Unit tests involved: 40 42 50 (this one produces six xml temp files, probably for handled exceptions in its tests) 51
1 parent 58138e0 commit 93846e1


2 files changed

+38
-16
lines changed


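--- a/docs/howto/config.rst
+++ b/docs/howto/config.rst
@@ -157,6 +157,12 @@ Format::
 
 Whether debug information should be sent to the log file.
 
+os.environ['PYSAML2_DELETE_XMLSEC_TMP']
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If set to "False" will keep temporary xml files in `/tmp`.
+Default: True, delete temporary files.
+
 entityid
 ^^^^^^^^
 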
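--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -210,7 +210,18 @@ def _get_xmlsec_cryptobackend(path=None, search_paths=None):
 ENC_NODE_NAME = 'urn:oasis:names:tc:SAML:2.0:assertion:EncryptedAssertion'
 ENC_KEY_CLASS = 'EncryptedKey'
 
-
+def get_environ_delete_tmpfiles():
+xmlsec_delete_tmpfiles = os.environ.get('PYSAML2_DELETE_XMLSEC_TMP', None)
+if not xmlsec_delete_tmpfiles:
+xmlsec_delete_tmpfiles = True
+elif xmlsec_delete_tmpfiles == 'False':
+xmlsec_delete_tmpfiles = False
+logger.warn('PYSAML2_DELETE_XMLSEC_TMP set to False, '
+'temporary xml files will not be deleted.')
+else:
+xmlsec_delete_tmpfiles = True
+return xmlsec_delete_tmpfiles
+
 def _make_vals(val, klass, seccont, klass_inst=None, prop=None, part=False,
 base64encode=False, elements_to_sign=None):
 """
@@ -322,7 +333,7 @@ def signed_instance_factory(instance, seccont, elements_to_sign=None):
 return instance
 
 
-def make_temp(string, suffix='', decode=True, delete=True):
+def make_temp(string, suffix='', decode=True, delete=get_environ_delete_tmpfiles()):
 """ xmlsec needs files in some cases where only strings exist, hence the
 need for this function. It creates a temporary file with the
 string as only content.
@@ -679,10 +690,8 @@ def __init__(self, xmlsec_binary, **kwargs):
 CryptoBackend.__init__(self, **kwargs)
 assert (isinstance(xmlsec_binary, six.string_types))
 self.xmlsec = xmlsec_binary
-self._xmlsec_delete_tmpfiles = os.environ.get(
-'PYSAML2_KEEP_XMLSEC_TMP', False
-)
-
+self._xmlsec_delete_tmpfiles = get_environ_delete_tmpfiles()
+
 try:
 self.non_xml_crypto = RSACrypto(kwargs['rsa_key'])
 except KeyError:
@@ -710,7 +719,7 @@ def encrypt(self, text, recv_key, template, session_key_type, xpath=''):
 :return:
 """
 logger.debug('Encryption input len: %d', len(text))
-_, fil = make_temp(text, decode=False)
+_, fil = make_temp(text, decode=False, delete=False)
 
 com_list = [
 self.xmlsec,
@@ -728,6 +737,9 @@ def encrypt(self, text, recv_key, template, session_key_type, xpath=''):
 except XmlsecError as e:
 six.raise_from(EncryptError(com_list), e)
 
+if self._xmlsec_delete_tmpfiles:
+os.remove(fil)
+
 return output
 
 def encrypt_assertion(self, statement, enc_key, template, key_type='des-192', node_xpath=None, node_id=None):
@@ -749,8 +761,8 @@ def encrypt_assertion(self, statement, enc_key, template, key_type='des-192', no
 statement = pre_encrypt_assertion(statement)
 
 _, fil = make_temp(
-_str(statement), decode=False, delete=self._xmlsec_delete_tmpfiles
-)
+_str(statement), decode=False,
+delete=False)
 _, tmpl = make_temp(_str(template), decode=False)
 
 if not node_xpath:
@@ -773,6 +785,9 @@ def encrypt_assertion(self, statement, enc_key, template, key_type='des-192', no
 except XmlsecError as e:
 six.raise_from(EncryptError(com_list), e)
 
+if self._xmlsec_delete_tmpfiles:
+os.remove(fil)
+
 return output.decode('utf-8')
 
 def decrypt(self, enctext, key_file, id_attr):
@@ -822,7 +837,7 @@ def sign_statement(self, statement, node_name, key_file, node_id, id_attr):
 decode=False,
 delete=self._xmlsec_delete_tmpfiles,
 )
-
+
 com_list = [
 self.xmlsec,
 '--sign',
@@ -915,7 +930,10 @@ def _run_xmlsec(self, com_list, extra_args):
 raise XmlsecError(errmsg)
 
 ntf.seek(0)
-return p_out, p_err, ntf.read()
+ntf_content = ntf.read()
+#if self._xmlsec_delete_tmpfiles:
+#os.remove(ntf.name)
+return p_out, p_err, ntf_content
 
 
 class CryptoBackendXMLSecurity(CryptoBackend):
@@ -1307,10 +1325,7 @@ def __init__(
 
 self.encrypt_key_type = encrypt_key_type
 # keep certificate files to debug xmlsec invocations
-if os.environ.get('PYSAML2_KEEP_XMLSEC_TMP', None):
-self._xmlsec_delete_tmpfiles = False
-else:
-self._xmlsec_delete_tmpfiles = True
+self._xmlsec_delete_tmpfiles = get_environ_delete_tmpfiles()
 
 def correctly_signed(self, xml, must=False):
 logger.debug('verify correct signature')
@@ -1366,7 +1381,8 @@ def decrypt_keys(self, enctext, keys=None, id_attr=''):
 for key in keys:
 if not isinstance(key, six.binary_type):
 key = key.encode("ascii")
-_, key_file = make_temp(key, decode=False, delete=False)
+_, key_file = make_temp(key, decode=False,
+delete=False)
 key_files.append(key_file)
 
 try: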
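Review bot: In the encrypt and encrypt_assertion hunks the new `os.remove(fil)` sits after the `except XmlsecError` block, so when xmlsec fails and EncryptError is raised the unencrypted input written by `make_temp(..., delete=False)` stays behind in the temp directory — exactly the handled-exception case the commit message says produces leftover files. Moving the cleanup into a `finally:` on that try (`finally:` / `if self._xmlsec_delete_tmpfiles:` / `os.remove(fil)`) removes it on both paths; both functions and their `try:` lines start outside the hunks shown here. The `make_temp` signature change calls `get_environ_delete_tmpfiles()` once at import time, so the default is frozen to module-load state and no longer follows PYSAML2_DELETE_XMLSEC_TMP set afterwards; a `delete=None` default resolved inside the body keeps it lazy. In `_run_xmlsec` the removal of `ntf.name` is commented out, so unless ntf is created with delete enabled (not visible in the hunk) the xmlsec output file is never cleaned up regardless of the flag, and `logger.warn` in get_environ_delete_tmpfiles is the deprecated alias of `logger.warning`.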
