Return only the file descriptor when creating temp files

c00kiemon5ter · c00kiemon5ter · commit d741a1597288 · 2019-09-01T23:45:46.000+02:00
Signed-off-by: Ivan Kanakarakis &lt;ivan.kanak@gmail.com&gt;
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
@@ -144,8 +144,8 @@ def __init__(self, entity_type, config=None, config_file="",
             if _val.startswith("http"):
                 r = requests.request("GET", _val)
                 if r.status_code == 200:
-                    _, filename = make_temp(r.text, ".pem", False)
-                    setattr(self.config, item, filename)
+                    tmp = make_temp(r.text, ".pem", False)
+                    setattr(self.config, item, tmp.name)
                 else:
                     raise Exception(
                         "Could not fetch certificate from %s" % _val)
@@ -568,8 +568,8 @@ def _encrypt_assertion(self, encrypt_cert, sp_entity_id, response,
                     _cert = "%s%s" % (begin_cert, _cert)
                 if end_cert not in _cert:
                     _cert = "%s%s" % (_cert, end_cert)
-                _, cert_file = make_temp(_cert.encode('ascii'), decode=False)
-                response = self.sec.encrypt_assertion(response, cert_file,
+                tmp = make_temp(_cert.encode('ascii'), decode=False)
+                response = self.sec.encrypt_assertion(response, tmp.name,
                                                       pre_encryption_part(),
                                                       node_xpath=node_xpath)
                 return response
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
@@ -336,31 +336,31 @@ def signed_instance_factory(instance, seccont, elements_to_sign=None):
         return instance
 
 
-def make_temp(string, suffix='', decode=True, delete=True):
-    """ xmlsec needs files in some cases where only strings exist, hence the
-    need for this function. It creates a temporary file with the
-    string as only content.
+def make_temp(content, suffix="", decode=True, delete=True):
+    """
+    Create a temporary file with the given content.
+
+    This is needed by xmlsec in some cases where only strings exist when files
+    are expected.
 
-    :param string: The information to be placed in the file
+    :param content: The information to be placed in the file
     :param suffix: The temporary file might have to have a specific
         suffix in certain circumstances.
-    :param decode: The input string might be base64 coded. If so it
+    :param decode: The input content might be base64 coded. If so it
         must, in some cases, be decoded before being placed in the file.
     :return: 2-tuple with file pointer ( so the calling function can
         close the file) and filename (which is for instance needed by the
         xmlsec function).
     """
-    ntf = NamedTemporaryFile(suffix=suffix, delete=delete)
-    # Python3 tempfile requires byte-like object
-    if not isinstance(string, six.binary_type):
-        string = string.encode('utf-8')
-
-    if decode:
-        ntf.write(base64.b64decode(string))
-    else:
-        ntf.write(string)
+    content_encoded = (
+        content.encode("utf-8") if not isinstance(content, six.binary_type) else content
+    )
+    content_raw = base64.b64decode(content_encoded) if decode else content_encoded
+    delete_tmpfiles = delete
+    ntf = NamedTemporaryFile(suffix=suffix, delete=delete_tmpfiles)
+    ntf.write(content_raw)
     ntf.seek(0)
-    return ntf, ntf.name
+    return ntf
 
 
 def split_len(seq, length):
@@ -722,13 +722,13 @@ def encrypt(self, text, recv_key, template, session_key_type, xpath=''):
         :return:
         """
         logger.debug('Encryption input len: %d', len(text))
-        f, fil = make_temp(text, decode=False)
+        tmp = make_temp(text, decode=False)
         com_list = [
             self.xmlsec,
             '--encrypt',
             '--pubkey-cert-pem', recv_key,
             '--session-key', session_key_type,
-            '--xml-data', fil,
+            '--xml-data', tmp.name,
         ]
 
         if xpath:
@@ -759,9 +759,8 @@ def encrypt_assertion(self, statement, enc_key, template, key_type='des-192', no
         if isinstance(statement, SamlBase):
             statement = pre_encrypt_assertion(statement)
 
-        f, fil = make_temp(
-            _str(statement), decode=False)
-        t, tmpl = make_temp(_str(template), decode=False)
+        tmp = make_temp(_str(statement), decode=False)
+        tmp2 = make_temp(_str(template), decode=False)
 
         if not node_xpath:
             node_xpath = ASSERT_XPATH
@@ -771,15 +770,15 @@ def encrypt_assertion(self, statement, enc_key, template, key_type='des-192', no
             '--encrypt',
             '--pubkey-cert-pem', enc_key,
             '--session-key', key_type,
-            '--xml-data', fil,
+            '--xml-data', tmp.name,
             '--node-xpath', node_xpath,
         ]
 
         if node_id:
             com_list.extend(['--node-id', node_id])
 
         try:
-            (_stdout, _stderr, output) = self._run_xmlsec(com_list, [tmpl])
+            (_stdout, _stderr, output) = self._run_xmlsec(com_list, [tmp2.name])
         except XmlsecError as e:
             six.raise_from(EncryptError(com_list), e)
 
@@ -794,7 +793,7 @@ def decrypt(self, enctext, key_file, id_attr):
         """
 
         logger.debug('Decrypt input len: %d', len(enctext))
-        _, fil = make_temp(enctext, decode=False)
+        tmp = make_temp(enctext, decode=False)
 
         com_list = [
             self.xmlsec,
@@ -805,7 +804,7 @@ def decrypt(self, enctext, key_file, id_attr):
         ]
 
         try:
-            (_stdout, _stderr, output) = self._run_xmlsec(com_list, [fil])
+            (_stdout, _stderr, output) = self._run_xmlsec(com_list, [tmp.name])
         except XmlsecError as e:
             six.raise_from(DecryptError(com_list), e)
 
@@ -826,12 +825,7 @@ def sign_statement(self, statement, node_name, key_file, node_id, id_attr):
         if isinstance(statement, SamlBase):
             statement = str(statement)
 
-        _, fil = make_temp(
-            statement,
-            suffix='.xml',
-            decode=False,
-            delete=self._xmlsec_delete_tmpfiles,
-        )
+        tmp = make_temp(statement, suffix=".xml", decode=False, delete=self._xmlsec_delete_tmpfiles)
 
         com_list = [
             self.xmlsec,
@@ -845,7 +839,7 @@ def sign_statement(self, statement, node_name, key_file, node_id, id_attr):
             com_list.extend(['--node-id', node_id])
 
         try:
-            (stdout, stderr, output) = self._run_xmlsec(com_list, [fil])
+            (stdout, stderr, output) = self._run_xmlsec(com_list, [tmp.name])
         except XmlsecError as e:
             raise SignatureError(com_list)
 
@@ -872,12 +866,7 @@ def validate_signature(self, signedtext, cert_file, cert_type, node_name, node_i
         if not isinstance(signedtext, six.binary_type):
             signedtext = signedtext.encode('utf-8')
 
-        _, fil = make_temp(
-            signedtext,
-            suffix='.xml',
-            decode=False,
-            delete=self._xmlsec_delete_tmpfiles,
-        )
+        tmp = make_temp(signedtext, suffix=".xml", decode=False, delete=self._xmlsec_delete_tmpfiles)
 
         com_list = [
             self.xmlsec,
@@ -892,7 +881,7 @@ def validate_signature(self, signedtext, cert_file, cert_type, node_name, node_i
             com_list.extend(['--node-id', node_id])
 
         try:
-            (_stdout, stderr, _output) = self._run_xmlsec(com_list, [fil])
+            (_stdout, stderr, _output) = self._run_xmlsec(com_list, [tmp.name])
         except XmlsecError as e:
             six.raise_from(SignatureError(com_list), e)
 
@@ -1369,15 +1358,16 @@ def decrypt_keys(self, enctext, keys=None, id_attr=''):
         if not isinstance(keys, list):
             keys = [keys]
 
-        keys = [key for key in keys if key]
-        for key in keys:
-            if not isinstance(key, six.binary_type):
-                key = key.encode("ascii")
-            key_file, _ = make_temp(key, decode=False)
-            key_files.append(key_file)
+        keys_filtered = (key for key in keys if key)
+        keys_encoded = (
+            key.encode("ascii") if not isinstance(key, six.binary_type) else key
+            for key in keys_filtered
+        )
+        key_files = list(make_temp(key, decode=False) for key in keys_encoded)
+        key_file_names = list(tmp.name for tmp in key_files)
 
         try:
-            dectext = self.decrypt(enctext, key_file=[x.name for x in key_files], id_attr=id_attr)
+            dectext = self.decrypt(enctext, key_file=key_file_names, id_attr=id_attr)
         except DecryptError as e:
             raise
         else:
@@ -1462,14 +1452,9 @@ def _check_signature(self, decoded_xml, item, node_name=NODE_NAME, origdoc=None,
 
             for cert in _certs:
                 if isinstance(cert, six.string_types):
-                    certs.append(
-                        make_temp(
-                            pem_format(cert),
-                            suffix='.pem',
-                            decode=False,
-                            delete=self._xmlsec_delete_tmpfiles,
-                        )
-                    )
+                    content = pem_format(cert)
+                    tmp = make_temp(content, suffix=".pem", decode=False, delete=self._xmlsec_delete_tmpfiles)
+                    certs.append(tmp)
                 else:
                     certs.append(cert)
         else:
@@ -1478,12 +1463,7 @@ def _check_signature(self, decoded_xml, item, node_name=NODE_NAME, origdoc=None,
         if not certs and not self.only_use_keys_in_metadata:
             logger.debug('==== Certs from instance ====')
             certs = [
-                make_temp(
-                    pem_format(cert),
-                    suffix='.pem',
-                    decode=False,
-                    delete=self._xmlsec_delete_tmpfiles,
-                )
+                make_temp(content=pem_format(cert), suffix=".pem", decode=False, delete=self._xmlsec_delete_tmpfiles)
                 for cert in cert_from_instance(item)
             ]
         else:
@@ -1495,12 +1475,12 @@ def _check_signature(self, decoded_xml, item, node_name=NODE_NAME, origdoc=None,
         verified = False
         last_pem_file = None
 
-        for _, pem_file in certs:
+        for pem_fd in certs:
             try:
-                last_pem_file = pem_file
+                last_pem_file = pem_fd.name
                 if self.verify_signature(
                         decoded_xml,
-                        pem_file,
+                        pem_fd.name,
                         node_name=node_name,
                         node_id=item.id,
                         id_attr=id_attr):
@@ -1670,7 +1650,9 @@ def sign_statement(self, statement, node_name, key=None, key_file=None, node_id=
             id_attr = self.id_attr
 
         if not key_file and key:
-            _, key_file = make_temp(str(key).encode(), '.pem')
+            content = str(key).encode()
+            tmp = make_temp(content, suffix=".pem")
+            key_file = tmp.name
 
         if not key and not key_file:
             key_file = self.key_file
