Support for in-memory key/cert

[joshma]

Currently I see that you can set key_file and cert_file - however, this requires having the data on the filesystem.

In our case, we have the data in memory but it's not convenient to write it to disk. Is it possible to accept a base64-encoded string instead of a filepath?

[peppelinux]

I'd also add these:

https://github.com/IdentityPython/pysaml2/blob/master/src/saml2/sigver.py#L325
https://github.com/IdentityPython/pysaml2/blob/master/src/saml2/sigver.py#L1462

As we know I/O disk is the most time consuming thing in IT infrastructures.
As we can see every AuthnRequest, validated with metadata key, creates a temporary pem file.
This impact seriously on performances.

Is there any code refactor about this current approach?

[peppelinux]

#278 (comment)

[omidraha]

I would like to load all certs, configs and metadata files from memory or DB:

• "key_file": full_path("pki/mykey.pem") [here], [here], [here]

• "cert_file": full_path("pki/mycert.pem"), [here], [here], [here]

• "metadata": { "local": [full_path("../sp-wsgi/sp.xml")],}, [here], [here],

• "metadata": {"local": ["../idp2/idp.xml"]}, [here]

[mheuwes]

If you are on linux, a tmpfs or /dev/shm might be what you want for certificates. As for metadata, they can already be passed as a string using the inline type.

[prauscher]

This might be old, but I would like to add a use case for this: Say your application is packaged as a full Container, but the container shall not include secrets (at least not without encryption). As pysaml2 only supports reading from file, the key must first be stored inside the container. To improve security, allowing writes during runtime of a container is kinda discouraged but currently required for such scenarios.

Would such a change be accepted? If yes, where could I start to provide a PR?