Allow to choose algorithms when creating metadata
Signature and digest algorithms can now be selected with the following
command line arguments

  -S <sign alg>   (default: http://www.w3.org/2000/09/xmldsig#rsa-sha1)
  -D <digest alg> (default: http://www.w3.org/2000/09/xmldsig#sha1)

Example:

  $ ../../tools/make_metadata.py \
    -s -x /usr/bin/xmlsec1 \
    -k pki/mykey.pem -c pki/mycert.pem \
    -S http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 \
    -D http://www.w3.org/2001/04/xmlenc#sha512 \
    sp_conf
psmiraglia committed Sep 20, 2019
1 parent 73c051e commit eace864
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion tools/make_metadata.py
@@ -34,6 +34,12 @@
help="xmlsec binaries to be used for the signing")
parser.add_argument('-w', dest='wellknown',
help="Use wellknown namespace prefixes")
parser.add_argument('-S', dest='signalg',
default='http://www.w3.org/2000/09/xmldsig#rsa-sha1',
help="Algorithm to sign the metadata")
parser.add_argument('-D', dest='digestalg',
default='http://www.w3.org/2000/09/xmldsig#sha1',
help="Algorithm to compute the digest of the metadata")
parser.add_argument(dest="config", nargs="+")
args = parser.parse_args()
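
Review bot: The defaults for -S and -D are still the SHA-1 URIs (xmldsig#rsa-sha1 and xmldsig#sha1), so any run with -s that omits the new flags keeps producing SHA-1 signed metadata and the stronger algorithms stay opt-in. Consider moving the defaults to the SHA-256 URIs, or at least state in the help text that the default is SHA-1 and which values are accepted. Neither argument is validated in this hunk; a `choices=` list on each add_argument call would reject a mistyped URI at parse time instead of handing it to the signing step.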

@@ -76,7 +82,10 @@
if args.sign:
assert conf.key_file
assert conf.cert_file
eid, xmldoc = sign_entity_descriptor(eid, args.id, secc)
sign_alg = args.signalg
digest_alg = args.digestalg
eid, xmldoc = sign_entity_descriptor(eid, args.id, secc, sign_alg,
digest_alg)
else:
xmldoc = None
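
Review bot: sign_alg and digest_alg are passed positionally to sign_entity_descriptor, and since both are plain URI strings a swapped order would not be caught at this call site. If the function's parameters are named that way, pass them by keyword and drop the two temporaries: `sign_entity_descriptor(eid, args.id, secc, sign_alg=args.signalg, digest_alg=args.digestalg)`. The commit message documents the new flags, but nothing in the script's own usage text shows an example; a short epilog on the parser would keep that in one place.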
