
x509 certificate with trailing whitespace doesn't load

Open daggaz opened this issue 6 years ago • 0 comments

When reading x509 certificates in order to produce metadata, the library assumes that the first and last lines are the begin/end certificate markers, and blindly trims them: https://github.com/IdentityPython/pysaml2/blob/v5.0.0/src/saml2/metadata.py#L832

If you have a cert with a trailing blank line, this results in the generated metadata containing an invalid certificate.

The cryptography library itself handles leading/trailing data without issue.

Code Version

Latest

Expected Behavior

The library should not produce invalid metadata when presented with a PEM certificate with a trailing new line.

Current Behavior

Invalid metadata

Possible Solution

Load the given PEM data and serialize it back out using the cryptography library. This would also catch any other issues with the certificate data:

from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization

cert = x509.load_pem_x509_certificate(pem_data, default_backend())
# drop the BEGIN/END marker lines, not the first and last bytes
pem_data = b"".join(cert.public_bytes(serialization.Encoding.PEM).splitlines()[1:-1])

daggaz avatar Jan 13 '20 15:01 daggaz
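The failure mode described in the report, as an added example (not code from the issue author or from pysaml2): a naive "drop the first and last line" extraction beside a marker-aware one that tolerates blank lines and surrounding whitespace and sanity-checks that the body is base64 DER. It uses only the standard library, so it does not depend on the cryptography package; the PEM input is a constructed stand-in (a five-byte DER SEQUENCE, not a real certificate), and the names `naive_pem_body` and `pem_body` are this example's own.

```python
"""Extracting the base64 body of a PEM certificate for SAML metadata.

The naive function mirrors the assumption in the report (first and last
lines are the BEGIN/END markers); the robust one locates the markers
instead, so trailing blank lines or leading whitespace cannot leak
marker text into the metadata.
"""
import base64
import binascii

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

# Constructed sample input: NOT a real certificate, just a tiny DER
# SEQUENCE (30 03 02 01 05) so the body is valid base64-encoded DER.
SAMPLE_DER = bytes.fromhex("3003020105")
SAMPLE_BODY = base64.b64encode(SAMPLE_DER).decode("ascii")  # "MAMCAQU="
PEM_CLEAN = f"{BEGIN}\n{SAMPLE_BODY}\n{END}\n"
PEM_TRAILING_BLANK = PEM_CLEAN + "\n"  # the failing input from the report


def naive_pem_body(pem_text: str) -> str:
    """Drop first and last line; breaks when the file has a trailing blank line."""
    lines = pem_text.splitlines()
    return "".join(lines[1:-1])


def pem_body(pem_text: str) -> str:
    """Return the base64 body between the BEGIN/END markers.

    Whitespace around lines and blank lines outside the markers are ignored.
    Raises ValueError if the markers are missing, the body is not valid
    base64, or the decoded bytes do not start a DER SEQUENCE (every X.509
    certificate does).
    """
    lines = [ln.strip() for ln in pem_text.splitlines()]
    try:
        start = lines.index(BEGIN)
        end = lines.index(END, start + 1)
    except ValueError as exc:
        raise ValueError("PEM certificate markers not found") from exc
    body = "".join(lines[start + 1:end])
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid base64") from exc
    if not der or der[0] != 0x30:
        raise ValueError("decoded body is not a DER SEQUENCE")
    return body


if __name__ == "__main__":
    print("naive, trailing blank line:", naive_pem_body(PEM_TRAILING_BLANK))
    print("robust, trailing blank line:", pem_body(PEM_TRAILING_BLANK))
```

With the trailing blank line, the naive extraction returns the base64 body with `-----END CERTIFICATE-----` glued onto it, which is exactly what ends up in the `<ds:X509Certificate>` element; the marker-aware version returns the clean body in both cases and rejects input that is not a certificate at all.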