From d11e187da66cbb3530390eb7353380334fac779d Mon Sep 17 00:00:00 2001
From: Andreas Sieferlinger
Date: Jul 13 2017 10:48:10 +0000
Subject: [PATCH 1/5] very basic implementation of custom specified path

things one might want to add:
- check if file exists
- check if file is correctly encoded
- test in general

---
diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index 09bb12a..6d6541a 100644
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
@@ -506,6 +506,10 @@ class Installer(ProviderInstaller):
                                 METADATA_DEFAULT_VALIDITY_PERIOD))
         group.add_argument('--saml2-session-dburl',
                            help='session database URL')
+        group.add_argument('--saml2-cert-path', default=None,
+                           help='full path to certificate')
+        group.add_argument('--saml2-key-path', default=None,
+                           help='full path to key')
 
     def configure(self, opts, changes):
         if opts['saml2'] != 'yes':
@@ -516,9 +520,14 @@ class Installer(ProviderInstaller):
         if not os.path.exists(path):
             os.makedirs(path, 0700)
 
-        # Use the same cert for signing and ecnryption for now
-        cert = Certificate(path)
-        cert.generate('idp', opts['hostname'])
+        # Use the same cert for signing and encryption for now
+        if opts['saml2_cert_path']:
+            cert = Certificate(opts['saml2_cert_path'])
+            cert.key = opts['saml2_key_path']
+            cert.cert = opts['saml2_cert_path']
+        else:
+            cert = Certificate(path)
+            cert.generate('idp', opts['hostname'])
 
         # Generate Idp Metadata
         proto = 'https'
From 45c6a68e3020b31eddc2dc254a787955ac261424 Mon Sep 17 00:00:00 2001
From: Andreas Sieferlinger
Date: Jul 13 2017 10:59:16 +0000
Subject: [PATCH 2/5] very basic implementation of custom specified path

things one might want to add:
- check if file exists
- check if file is correctly encoded
- test in general

Signed-off-by: Andreas Sieferlinger
---
diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index 09bb12a..6d6541a 100644
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
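Review bot: The help strings in the `@@ -506,6 +506,10 @@` hunk do not tell the operator that the two new options are only meaningful together, nor that the paths must point at existing files. Suggest `help='full path to an existing certificate file; requires --saml2-key-path'` and the mirror text for the key option, so the constraint shows up in `--help` rather than only at configure time. The same argparse hunk is resent unchanged in PATCH 2/5.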
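Review bot: In the `@@ -516,9 +520,14 @@` hunk the new branch assigns `opts['saml2_cert_path']` and `opts['saml2_key_path']` straight onto the Certificate without checking that either file exists or is readable, and because both options default to None and only the cert path is tested, giving `--saml2-cert-path` alone leaves `cert.key` as None, so a bad invocation fails later wherever the key is first read instead of here. Guard before assigning, `cert_path, key_path = opts['saml2_cert_path'], opts['saml2_key_path']` then `if not (key_path and os.path.isfile(cert_path) and os.path.isfile(key_path)):` and fail the way the installer's other option checks do; since the key file is the IdP's private signing key it is also worth refusing one that is group- or world-readable. `Certificate(opts['saml2_cert_path'])` passes the certificate file where the else branch passes the storage directory — if the constructor argument is a directory, as the `Certificate(path)` call suggests, pass `path` here too. The identical hunk is resent in PATCH 2/5, and configure() continues outside the hunk.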
@@ -506,6 +506,10 @@ class Installer(ProviderInstaller):
                                 METADATA_DEFAULT_VALIDITY_PERIOD))
         group.add_argument('--saml2-session-dburl',
                            help='session database URL')
+        group.add_argument('--saml2-cert-path', default=None,
+                           help='full path to certificate')
+        group.add_argument('--saml2-key-path', default=None,
+                           help='full path to key')
 
     def configure(self, opts, changes):
         if opts['saml2'] != 'yes':
@@ -516,9 +520,14 @@ class Installer(ProviderInstaller):
         if not os.path.exists(path):
             os.makedirs(path, 0700)
 
-        # Use the same cert for signing and ecnryption for now
-        cert = Certificate(path)
-        cert.generate('idp', opts['hostname'])
+        # Use the same cert for signing and encryption for now
+        if opts['saml2_cert_path']:
+            cert = Certificate(opts['saml2_cert_path'])
+            cert.key = opts['saml2_key_path']
+            cert.cert = opts['saml2_cert_path']
+        else:
+            cert = Certificate(path)
+            cert.generate('idp', opts['hostname'])
 
         # Generate Idp Metadata
         proto = 'https'
From 636bee71129f8ddd4ccdb0fac0b3c4c21a52dc99 Mon Sep 17 00:00:00 2001
From: Andreas Sieferlinger
Date: Jul 20 2017 08:25:22 +0000
Subject: [PATCH 4/5] add a little bit of opts checking

---
diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index 6d6541a..df003ef 100644
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
@@ -21,6 +21,7 @@ import cherrypy
 from datetime import timedelta
 import lasso
 import os
+import sys
 import time
 import uuid
 
@@ -521,10 +522,12 @@ class Installer(ProviderInstaller):
             os.makedirs(path, 0700)
 
         # Use the same cert for signing and encryption for now
-        if opts['saml2_cert_path']:
+        if opts['saml2_cert_path'] and opts['saml2_key_path']:
             cert = Certificate(opts['saml2_cert_path'])
             cert.key = opts['saml2_key_path']
             cert.cert = opts['saml2_cert_path']
+        elif any([opts['saml2_cert_path'], opts['saml2_key_path']]):
+            sys.exit('You need to specify both or none of --saml2-cert-path and --saml2-key-path')
         else:
             cert = Certificate(path)
             cert.generate('idp', opts['hostname'])
From 099cb12276f3b2c3c75b74675e3816ac2c968763 Mon Sep 17 00:00:00 2001
From: Andreas Sieferlinger
Date: Jul 20 2017 08:45:45 +0000
Subject: [PATCH 5/5] remove double import of sys

---
diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index df003ef..89bf714 100644
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
@@ -288,7 +288,6 @@ Provides SAML 2.0 authentication infrastructure. """
         )
         if cherrypy.config.get('debug', False):
             import logging
-            import sys
             logger = logging.getLogger('lasso')
             lh = logging.StreamHandler(sys.stderr)
             logger.addHandler(lh)
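Review bot: The both-or-none check added in the `@@ -521,10 +522,12 @@` hunk runs after `os.makedirs(path, 0700)` has already created the storage directory, so a mistyped invocation exits with that side effect left behind; move the check to the top of configure(), ahead of the makedirs (that part of the method lies outside the hunk). It also still accepts paths that do not exist or that the service cannot read, so the first branch should verify both with `os.path.isfile()` before assigning them to `cert.key` and `cert.cert`. `any([opts['saml2_cert_path'], opts['saml2_key_path']])` builds a list only to test two values; `elif opts['saml2_cert_path'] or opts['saml2_key_path']:` says the same thing directly. Whether `sys.exit()` with a message matches how the rest of this installer reports bad options cannot be seen from the hunk.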