IdentityPython
feat: configurable encryption algorithm types
Description
The feature or problem addressed by this PR
Encrypt assertion session key and transport key algorithms were hardcoded.
closes: #821
What your changes do and why you chose this solution
Added encrypt_assertion_session_key_algs and encrypt_assertion_cert_key_algs configuration options to specify algorithms which can be used for encrypting assertions. Both of them are lists and index represents algorithm priority (first one has highest priority).
When there is not cert prvided in parameters program will try to find one in metadata. Keys in metadata are prioritized in following order.
- with
use=encryptionand specifiedEncryptionMethods - with
use=encryption - without
use=encryption
If key has EncryptionMethods program will make intersect with configuration options and will take algorithms by its priority. If intersect is empty or there is not EncryptionMethod program will use first ones from config options.
Added paramters and their propagation to Server.create_authn_response specifying session key and transport key algorithms for encrypt_cert_advice and encrypt_cert_assertion. If they are not provided program will use first ones from new config options.
For support http://www.w3.org/2009/xmlenc11#rsa-oaep transport key alg with MGF1 xmlsec version>=1.3.0 is required.
Checklist
- [x] Checked that no other issues or pull requests exist for the same issue/change
- [ ] Added tests covering the new functionality
- [x] Updated documentation OR the change is too minor to be documented
- [ ] Updated CHANGELOG.md OR changes are insignificant
@c00kiemon5ter Hi, there already was a "next-release", would you consider merging this?
