Merge branch 'master' of github.com:rohe/pysaml2

Author: Roland Hedberg

LICENSE.txt

@@ -1,25 +1,13 @@
 Copyright 2014 Roland Hedberg. All rights reserved.
 
-Redistribution and use in source and binary forms, with or without modification, are
-permitted provided that the following conditions are met:
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
 
-   1. Redistributions of source code must retain the above copyright notice, this list of
-      conditions and the following disclaimer.
+    http://www.apache.org/licenses/LICENSE-2.0
 
-   2. Redistributions in binary form must reproduce the above copyright notice, this list
-      of conditions and the following disclaimer in the documentation and/or other materials
-      provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY Roland Hedberg ``AS IS'' AND ANY EXPRESS OR IMPLIED
-WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL Roland Hedberg OR
-CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-The views and conclusions contained in the software and documentation are those of the
-authors and should not be interpreted as representing official policies, either expressed
-or implied of their employers.
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

MANIFEST.in

@@ -1,4 +1,5 @@
 include INSTALL
+include LICENSE.txt
 include README
 include TODO
 recursive-include tests *

src/saml2/sigver.py

@@ -5,8 +5,10 @@
 """ Functions connected to signing and verifying.
 Based on the use of xmlsec1 binaries and not the python xmlsec module.
 """
+from OpenSSL import crypto
 
 import base64
+from base64 import b64decode
 import hashlib
 import logging
 import os
@@ -382,20 +384,25 @@ def active_cert(key):
     :param key: The Key
     :return: True if the key is active else False
     """
-    cert_str = pem_format(key)
-    certificate = importKey(cert_str)
     try:
-        not_before = to_time(str(certificate.get_not_before()))
-        not_after = to_time(str(certificate.get_not_after()))
-        assert not_before < utc_now()
-        assert not_after > utc_now()
-        return True
+        cert_str = pem_format(key)
+        try:
+            certificate = importKey(cert_str)
+            not_before = to_time(str(certificate.get_not_before()))
+            not_after = to_time(str(certificate.get_not_after()))
+            assert not_before < utc_now()
+            assert not_after > utc_now()
+            return True
+        except:
+                cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_str)
+                assert cert.has_expired() == 0
+                assert not OpenSSLWrapper().certificate_not_valid_yet(cert)
+                return True
     except AssertionError:
         return False
     except AttributeError:
         return False
 
-
 def cert_from_key_info(key_info, ignore_age=False):
     """ Get all X509 certs from a KeyInfo instance. Care is taken to make sure
     that the certs are continues sequences of bytes.