Useful when debugging 'after the fact'.
@@ -265,6 +265,7 @@ class StatusResponse(object):
|
|||||||
self.require_response_signature = False
|
self.require_response_signature = False
|
||||||
self.not_signed = False
|
self.not_signed = False
|
||||||
self.asynchop = asynchop
|
self.asynchop = asynchop
|
||||||
|
self.do_not_verify = False
|
||||||
|
|
||||||
def _clear(self):
|
def _clear(self):
|
||||||
self.xmlstr = ""
|
self.xmlstr = ""
|
||||||
@@ -316,10 +317,16 @@ class StatusResponse(object):
|
|||||||
else:
|
else:
|
||||||
self.origxml = self.xmlstr
|
self.origxml = self.xmlstr
|
||||||
|
|
||||||
|
if self.do_not_verify:
|
||||||
|
args = {"do_not_verify": True}
|
||||||
|
else:
|
||||||
|
args = {}
|
||||||
|
|
||||||
try:
|
try:
|
||||||
self.response = self.signature_check(
|
self.response = self.signature_check(
|
||||||
xmldata, origdoc=origxml, must=self.require_signature,
|
xmldata, origdoc=origxml, must=self.require_signature,
|
||||||
require_response_signature=self.require_response_signature)
|
require_response_signature=self.require_response_signature,
|
||||||
|
**args)
|
||||||
|
|
||||||
except TypeError:
|
except TypeError:
|
||||||
raise
|
raise
|
||||||
@@ -759,7 +766,7 @@ class AuthnResponse(StatusResponse):
|
|||||||
raise SignatureError("Signature missing for assertion")
|
raise SignatureError("Signature missing for assertion")
|
||||||
else:
|
else:
|
||||||
logger.debug("signed")
|
logger.debug("signed")
|
||||||
if not verified:
|
if not verified and self.do_not_verify is False:
|
||||||
try:
|
try:
|
||||||
self.sec.check_signature(assertion, class_name(assertion),self.xmlstr)
|
self.sec.check_signature(assertion, class_name(assertion),self.xmlstr)
|
||||||
except Exception as exc:
|
except Exception as exc:
|
||||||
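Review bot: In the AuthnResponse hunk, `self.do_not_verify is False` is an identity test, so any value other than the literal `False` (for example `None` or `0`) makes the condition false and the assertion's `check_signature` call is skipped. `if not verified and not self.do_not_verify:` keeps verification on for every falsy value. In the StatusResponse hunk, the `if self.do_not_verify:` branch disables the response signature check without leaving a log record, so a deployment that leaves the flag set after debugging would apparently accept unverified responses with nothing to show for it. A `logger.warning("do_not_verify is set: SAML signature verification skipped")` in that branch would make the state visible. Both enclosing methods start and end outside the hunks shown.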
|
@@ -1678,29 +1678,14 @@ class SecurityContext(object):
|
|||||||
raise TypeError("Not a Response")
|
raise TypeError("Not a Response")
|
||||||
|
|
||||||
if response.signature:
|
if response.signature:
|
||||||
self._check_signature(decoded_xml, response, class_name(response),
|
if "do_not_verify" in kwargs:
|
||||||
origdoc)
|
pass
|
||||||
|
else:
|
||||||
|
self._check_signature(decoded_xml, response,
|
||||||
|
class_name(response), origdoc)
|
||||||
elif require_response_signature:
|
elif require_response_signature:
|
||||||
raise SignatureError("Signature missing for response")
|
raise SignatureError("Signature missing for response")
|
||||||
|
|
||||||
# if isinstance(response, Response) and response.assertion:
|
|
||||||
# # Try to find the signing cert in the assertion
|
|
||||||
# for assertion in response.assertion:
|
|
||||||
# if not hasattr(assertion, 'signature') or not assertion.signature:
|
|
||||||
# logger.debug("unsigned")
|
|
||||||
# if must:
|
|
||||||
# raise SignatureError("Signature missing for assertion")
|
|
||||||
# continue
|
|
||||||
# else:
|
|
||||||
# logger.debug("signed")
|
|
||||||
#
|
|
||||||
# try:
|
|
||||||
# self._check_signature(decoded_xml, assertion,
|
|
||||||
# class_name(assertion), origdoc)
|
|
||||||
# except Exception as exc:
|
|
||||||
# logger.error("correctly_signed_response: %s" % exc)
|
|
||||||
# raise
|
|
||||||
|
|
||||||
return response
|
return response
|
||||||
|
|
||||||
#--------------------------------------------------------------------------
|
#--------------------------------------------------------------------------
|
||||||
|
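Review bot: `if "do_not_verify" in kwargs:` tests only for the presence of the key, so a caller passing `do_not_verify=False` would still skip `_check_signature`. The one caller visible on this page only ever passes `True`, but the check should read the value: `if not kwargs.get("do_not_verify"):` followed directly by the `_check_signature(...)` call, which also removes the empty `pass` branch. When the flag is set, a response that carries a signature is returned unverified and indistinguishable from a verified one, so a warning-level log line at this point would help anyone auditing which responses were actually checked. The function's signature and opening lines are outside the hunk, so how `kwargs` is declared cannot be confirmed from here.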