Applied proposal by jozef@github. Pull request 301.

Fixed test error at the same time.

src/saml2/sigver.py

@@ -1539,27 +1539,11 @@ class SecurityContext(object):
         for _, pem_file in certs:
             try:
                 last_pem_file = pem_file
-                if origdoc is not None:
-                    try:
-                        if self.verify_signature(origdoc, pem_file,
-                                                 node_name=node_name,
-                                                 node_id=item.id,
-                                                 id_attr=id_attr):
-                            verified = True
-                            break
-                    except Exception:
-                        if self.verify_signature(decoded_xml, pem_file,
-                                                 node_name=node_name,
-                                                 node_id=item.id,
-                                                 id_attr=id_attr):
-                            verified = True
-                            break
-                else:
-                    if self.verify_signature(decoded_xml, pem_file,
-                                             node_name=node_name,
-                                             node_id=item.id, id_attr=id_attr):
-                        verified = True
-                        break
+                if self.verify_signature(decoded_xml, pem_file,
+                                         node_name=node_name,
+                                         node_id=item.id, id_attr=id_attr):
+                    verified = True
+                    break
             except XmlsecError as exc:
                 logger.error("check_sig: %s", exc)
                 pass

tests/test_41_response.py

@@ -16,7 +16,7 @@ from pathutils import full_path
 
 FALSE_ASSERT_SIGNED = full_path("saml_false_signed.xml")
 
-TIMESLACK = 40000000  # Roughly +- 24 month
+TIMESLACK = 62000000  # Roughly +- 24 month
 
 
 def _eq(l1, l2):