@@ -210,7 +210,18 @@ def _get_xmlsec_cryptobackend(path=None, search_paths=None):
210
210
ENC_NODE_NAME = 'urn:oasis:names:tc:SAML:2.0:assertion:EncryptedAssertion'
211
211
ENC_KEY_CLASS = 'EncryptedKey'
212
212
213
-
213
+ def get_environ_delete_tmpfiles ():
214
+ xmlsec_delete_tmpfiles = os .environ .get ('PYSAML2_DELETE_XMLSEC_TMP' , None )
215
+ if not xmlsec_delete_tmpfiles :
216
+ xmlsec_delete_tmpfiles = True
217
+ elif xmlsec_delete_tmpfiles == 'False' :
218
+ xmlsec_delete_tmpfiles = False
219
+ logger .warn ('PYSAML2_DELETE_XMLSEC_TMP set to False, '
220
+ 'temporary xml files will not be deleted.' )
221
+ else :
222
+ xmlsec_delete_tmpfiles = True
223
+ return xmlsec_delete_tmpfiles
224
+
214
225
def _make_vals (val , klass , seccont , klass_inst = None , prop = None , part = False ,
215
226
base64encode = False , elements_to_sign = None ):
216
227
"""
@@ -322,7 +333,7 @@ def signed_instance_factory(instance, seccont, elements_to_sign=None):
322
333
return instance
323
334
324
335
325
- def make_temp (string , suffix = '' , decode = True , delete = True ):
336
+ def make_temp (string , suffix = '' , decode = True , delete = get_environ_delete_tmpfiles () ):
326
337
""" xmlsec needs files in some cases where only strings exist, hence the
327
338
need for this function. It creates a temporary file with the
328
339
string as only content.
@@ -679,10 +690,8 @@ def __init__(self, xmlsec_binary, **kwargs):
679
690
CryptoBackend .__init__ (self , ** kwargs )
680
691
assert (isinstance (xmlsec_binary , six .string_types ))
681
692
self .xmlsec = xmlsec_binary
682
- self ._xmlsec_delete_tmpfiles = os .environ .get (
683
- 'PYSAML2_KEEP_XMLSEC_TMP' , False
684
- )
685
-
693
+ self ._xmlsec_delete_tmpfiles = get_environ_delete_tmpfiles ()
694
+
686
695
try :
687
696
self .non_xml_crypto = RSACrypto (kwargs ['rsa_key' ])
688
697
except KeyError :
@@ -710,7 +719,7 @@ def encrypt(self, text, recv_key, template, session_key_type, xpath=''):
710
719
:return:
711
720
"""
712
721
logger .debug ('Encryption input len: %d' , len (text ))
713
- _ , fil = make_temp (text , decode = False )
722
+ _ , fil = make_temp (text , decode = False , delete = False )
714
723
715
724
com_list = [
716
725
self .xmlsec ,
@@ -728,6 +737,9 @@ def encrypt(self, text, recv_key, template, session_key_type, xpath=''):
728
737
except XmlsecError as e :
729
738
six .raise_from (EncryptError (com_list ), e )
730
739
740
+ if self ._xmlsec_delete_tmpfiles :
741
+ os .remove (fil )
742
+
731
743
return output
732
744
733
745
def encrypt_assertion (self , statement , enc_key , template , key_type = 'des-192' , node_xpath = None , node_id = None ):
@@ -749,8 +761,8 @@ def encrypt_assertion(self, statement, enc_key, template, key_type='des-192', no
749
761
statement = pre_encrypt_assertion (statement )
750
762
751
763
_ , fil = make_temp (
752
- _str (statement ), decode = False , delete = self . _xmlsec_delete_tmpfiles
753
- )
764
+ _str (statement ), decode = False ,
765
+ delete = False )
754
766
_ , tmpl = make_temp (_str (template ), decode = False )
755
767
756
768
if not node_xpath :
@@ -773,6 +785,9 @@ def encrypt_assertion(self, statement, enc_key, template, key_type='des-192', no
773
785
except XmlsecError as e :
774
786
six .raise_from (EncryptError (com_list ), e )
775
787
788
+ if self ._xmlsec_delete_tmpfiles :
789
+ os .remove (fil )
790
+
776
791
return output .decode ('utf-8' )
777
792
778
793
def decrypt (self , enctext , key_file , id_attr ):
@@ -822,7 +837,7 @@ def sign_statement(self, statement, node_name, key_file, node_id, id_attr):
822
837
decode = False ,
823
838
delete = self ._xmlsec_delete_tmpfiles ,
824
839
)
825
-
840
+
826
841
com_list = [
827
842
self .xmlsec ,
828
843
'--sign' ,
@@ -915,7 +930,10 @@ def _run_xmlsec(self, com_list, extra_args):
915
930
raise XmlsecError (errmsg )
916
931
917
932
ntf .seek (0 )
918
- return p_out , p_err , ntf .read ()
933
+ ntf_content = ntf .read ()
934
+ #if self._xmlsec_delete_tmpfiles:
935
+ #os.remove(ntf.name)
936
+ return p_out , p_err , ntf_content
919
937
920
938
921
939
class CryptoBackendXMLSecurity (CryptoBackend ):
@@ -1307,10 +1325,7 @@ def __init__(
1307
1325
1308
1326
self .encrypt_key_type = encrypt_key_type
1309
1327
# keep certificate files to debug xmlsec invocations
1310
- if os .environ .get ('PYSAML2_KEEP_XMLSEC_TMP' , None ):
1311
- self ._xmlsec_delete_tmpfiles = False
1312
- else :
1313
- self ._xmlsec_delete_tmpfiles = True
1328
+ self ._xmlsec_delete_tmpfiles = get_environ_delete_tmpfiles ()
1314
1329
1315
1330
def correctly_signed (self , xml , must = False ):
1316
1331
logger .debug ('verify correct signature' )
@@ -1366,7 +1381,8 @@ def decrypt_keys(self, enctext, keys=None, id_attr=''):
1366
1381
for key in keys :
1367
1382
if not isinstance (key , six .binary_type ):
1368
1383
key = key .encode ("ascii" )
1369
- _ , key_file = make_temp (key , decode = False , delete = False )
1384
+ _ , key_file = make_temp (key , decode = False ,
1385
+ delete = False )
1370
1386
key_files .append (key_file )
1371
1387
1372
1388
try :
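Review bot: In `encrypt` (and likewise `encrypt_assertion`) the plaintext written to disk by `make_temp(text, decode=False, delete=False)` is only removed on the success path — when `_run_xmlsec` raises `XmlsecError`, the `six.raise_from(EncryptError(com_list), e)` re-raise runs before the new `if self._xmlsec_delete_tmpfiles: os.remove(fil)`, so a failed xmlsec invocation leaves the unencrypted assertion behind in the temp directory. The removal belongs in a `finally:` on the existing try block: `finally:` / `    if self._xmlsec_delete_tmpfiles:` / `        os.remove(fil)`, in both methods; the `try:` line and the rest of `encrypt`'s body lie outside the hunk. Separately, `delete=get_environ_delete_tmpfiles()` in the `make_temp` signature is evaluated once at import time, so `PYSAML2_DELETE_XMLSEC_TMP` is read (and the warning logged) only when the module is first imported, which is worth a comment on the helper, e.g. `# NOTE: read at import time via make_temp's default argument; changes after import have no effect.` Minor: `logger.warn` is deprecated in favor of `logger.warning`, and the commented-out `os.remove(ntf.name)` in `_run_xmlsec` should either be made live under the same flag or dropped rather than left as dead code.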