Useful when debugging 'after the fact'.

2015-09-07 09:13:30 +02:00
parent e41a593c3e
commit 177892dab5
2 changed files with 14 additions and 22 deletions
--- a/src/saml2/response.py
+++ b/src/saml2/response.py
@@ -265,6 +265,7 @@ class StatusResponse(object):
        self.require_response_signature = False
        self.not_signed = False
        self.asynchop = asynchop
+        self.do_not_verify = False

    def _clear(self):
        self.xmlstr = ""
@@ -316,10 +317,16 @@ class StatusResponse(object):
        else:
            self.origxml = self.xmlstr

+        if self.do_not_verify:
+            args = {"do_not_verify": True}
+        else:
+            args = {}
+
        try:
            self.response = self.signature_check(
                xmldata, origdoc=origxml, must=self.require_signature,
-                require_response_signature=self.require_response_signature)
+                require_response_signature=self.require_response_signature,
+                **args)

        except TypeError:
            raise
@@ -759,7 +766,7 @@ class AuthnResponse(StatusResponse):
                raise SignatureError("Signature missing for assertion")
        else:
            logger.debug("signed")
-            if not verified:
+            if not verified and self.do_not_verify is False:
                try:
                    self.sec.check_signature(assertion, class_name(assertion),self.xmlstr)
                except Exception as exc:
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -1678,29 +1678,14 @@ class SecurityContext(object):
            raise TypeError("Not a Response")

        if response.signature:
-            self._check_signature(decoded_xml, response, class_name(response),
-                                  origdoc)
+            if "do_not_verify" in kwargs:
+                pass
+            else:
+                self._check_signature(decoded_xml, response,
+                                      class_name(response), origdoc)
        elif require_response_signature:
            raise SignatureError("Signature missing for response")

-        # if isinstance(response, Response) and response.assertion:
-        #     # Try to find the signing cert in the assertion
-        #     for assertion in response.assertion:
-        #         if not hasattr(assertion, 'signature') or not assertion.signature:
-        #             logger.debug("unsigned")
-        #             if must:
-        #                 raise SignatureError("Signature missing for assertion")
-        #             continue
-        #         else:
-        #             logger.debug("signed")
-        #
-        #         try:
-        #             self._check_signature(decoded_xml, assertion,
-        #                                   class_name(assertion), origdoc)
-        #         except Exception as exc:
-        #             logger.error("correctly_signed_response: %s" % exc)
-        #             raise
-
        return response

    #--------------------------------------------------------------------------