diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py index f89f347..f67db59 100644 --- a/src/saml2/sigver.py +++ b/src/saml2/sigver.py @@ -1539,27 +1539,11 @@ class SecurityContext(object): for _, pem_file in certs: try: last_pem_file = pem_file - if origdoc is not None: - try: - if self.verify_signature(origdoc, pem_file, - node_name=node_name, - node_id=item.id, - id_attr=id_attr): - verified = True - break - except Exception: - if self.verify_signature(decoded_xml, pem_file, - node_name=node_name, - node_id=item.id, - id_attr=id_attr): - verified = True - break - else: - if self.verify_signature(decoded_xml, pem_file, - node_name=node_name, - node_id=item.id, id_attr=id_attr): - verified = True - break + if self.verify_signature(decoded_xml, pem_file, + node_name=node_name, + node_id=item.id, id_attr=id_attr): + verified = True + break except XmlsecError as exc: logger.error("check_sig: %s", exc) pass diff --git a/tests/test_41_response.py b/tests/test_41_response.py index 0c6992a..e017d1c 100644 --- a/tests/test_41_response.py +++ b/tests/test_41_response.py @@ -16,7 +16,7 @@ from pathutils import full_path FALSE_ASSERT_SIGNED = full_path("saml_false_signed.xml") -TIMESLACK = 40000000 # Roughly +- 24 month +TIMESLACK = 62000000 # Roughly +- 24 month def _eq(l1, l2):