| |
@@ -21,6 +21,7 @@
|
| |
from datetime import timedelta
|
| |
import lasso
|
| |
import os
|
| |
+ import sys
|
| |
import time
|
| |
import uuid
|
| |
|
| |
@@ -287,7 +288,6 @@
|
| |
)
|
| |
if cherrypy.config.get('debug', False):
|
| |
import logging
|
| |
- import sys
|
| |
logger = logging.getLogger('lasso')
|
| |
lh = logging.StreamHandler(sys.stderr)
|
| |
logger.addHandler(lh)
|
| |
@@ -506,6 +506,10 @@
|
| |
METADATA_DEFAULT_VALIDITY_PERIOD))
|
| |
group.add_argument('--saml2-session-dburl',
|
| |
help='session database URL')
|
| |
+ group.add_argument('--saml2-cert-path', default=None,
|
| |
+ help='full path to certificate')
|
| |
+ group.add_argument('--saml2-key-path', default=None,
|
| |
+ help='full path to key')
|
| |
|
| |
def configure(self, opts, changes):
|
| |
if opts['saml2'] != 'yes':
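Review bot: The help strings for the two new options (`--saml2-cert-path`, `--saml2-key-path`) do not say that they are only valid together, so a user discovers the constraint from the exit message at configure time rather than from `--help`; suggest `help='full path to the IdP certificate (must be given together with --saml2-key-path)'` and `help='full path to the private key matching --saml2-cert-path (must be given together with --saml2-cert-path)'`. `default=None` is already argparse's default for a plain option and can be dropped on both lines. `configure` starts at the end of this hunk and its body continues outside it.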
|
| |
@@ -516,9 +520,16 @@
|
| |
if not os.path.exists(path):
|
| |
os.makedirs(path, 0700)
|
| |
|
| |
- # Use the same cert for signing and ecnryption for now
|
| |
- cert = Certificate(path)
|
| |
- cert.generate('idp', opts['hostname'])
|
| |
+ # Use the same cert for signing and encryption for now
|
| |
+ if opts['saml2_cert_path'] and opts['saml2_key_path']:
|
| |
+ cert = Certificate(opts['saml2_cert_path'])
|
| |
+ cert.key = opts['saml2_key_path']
|
| |
+ cert.cert = opts['saml2_cert_path']
|
| |
+ elif any([opts['saml2_cert_path'], opts['saml2_key_path']]):
|
| |
+ sys.exit('You need to specify both or none of --saml2-cert-path and --saml2-key-path')
|
| |
+ else:
|
| |
+ cert = Certificate(path)
|
| |
+ cert.generate('idp', opts['hostname'])
|
| |
|
| |
# Generate Idp Metadata
|
| |
proto = 'https'
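Review bot: The user-supplied certificate and key paths are stored on `cert.key` and `cert.cert` without checking that either file exists or is readable, so a mistyped path or a key the service user cannot read is reported later by whatever first opens the file instead of at configure time; before the assignments add `for p in (opts['saml2_cert_path'], opts['saml2_key_path']):` / `    if not os.path.isfile(p): sys.exit('%s: no such file' % p)` (the hunk already has `os` and `sys` in scope). The branch also passes the certificate file path as the constructor argument, `Certificate(opts['saml2_cert_path'])`, whereas the `else` branch passes the directory `path`; if the constructor expects a directory this presumably should stay `Certificate(path)` with only the two attributes overridden. Since the key file is read as the IdP's private signing key, it would also be worth warning (not failing) when its mode grants group or world read, which is checkable here with `os.stat(p).st_mode & 0o077`. `configure`'s body begins before this hunk and continues after it.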
|
| |
Is there a specific reason you don't use Certificate.import_cert, which would set both properties with a single call?