Looks at the Popen returncode.

2014-12-15 15:11:26 +01:00
parent b3a7db9840
commit 6787ce4dd5
3 changed files with 46 additions and 8 deletions
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -543,6 +543,7 @@ class Entity(HTTPBase):
                if to_sign:
                    signed_instance_factory(response, self.sec, to_sign)
                else:
+                    # default is to sign the whole response if anything
                    sign_class = [(class_name(response), response.id)]
                    return signed_instance_factory(response, self.sec,
                                                   sign_class)
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -847,8 +847,8 @@ class CryptoBackendXmlSec1(CryptoBackend):
            com_list.extend(["--node-id", node_id])

        try:
-            (stdout, stderr, signed_statement) = \
-                self._run_xmlsec(com_list, [fil], validate_output=False)
+            (stdout, stderr, signed_statement) = self._run_xmlsec(
+                com_list, [fil], validate_output=False)
            # this doesn't work if --store-signatures are used
            if stdout == "":
                if signed_statement:
@@ -924,12 +924,17 @@ class CryptoBackendXmlSec1(CryptoBackend):

        p_out = pof.stdout.read()
        p_err = pof.stderr.read()
+
+        if pof.returncode is not None and pof.returncode < 0:
+            logger.error(LOG_LINE % (p_out, p_err))
+            raise XmlsecError("%d:%s" % (pof.returncode, p_err))
+
        try:
            if validate_output:
                parse_xmlsec_output(p_err)
        except XmlsecError, exc:
            logger.error(LOG_LINE_2 % (p_out, p_err, exc))
-            raise exception("%s" % (exc,))
+            raise

        ntf.seek(0)
        return p_out, p_err, ntf.read()
--- a/tests/test_40_sigver.py
+++ b/tests/test_40_sigver.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python

 import base64
-from saml2.sigver import pre_encryption_part, make_temp
+from saml2.sigver import pre_encryption_part, make_temp, XmlsecError
 from saml2.mdstore import MetadataStore
 from saml2.saml import assertion_from_string, EncryptedAssertion
 from saml2.samlp import response_from_string
@@ -438,7 +438,8 @@ def test_xbox():
    )

    sigass = sec.sign_statement(assertion, class_name(assertion),
-                                key_file=full_path("test.key"), node_id=assertion.id)
+                                key_file=full_path("test.key"),
+                                node_id=assertion.id)

    _ass0 = saml.assertion_from_string(sigass)

@@ -471,7 +472,38 @@ def test_xbox():
    print assertions


+def test_xmlsec_err():
+    conf = config.SPConfig()
+    conf.load_file("server_conf")
+    md = MetadataStore([saml, samlp], None, conf)
+    md.load("local", full_path("idp_example.xml"))
+
+    conf.metadata = md
+    conf.only_use_keys_in_metadata = False
+    sec = sigver.security_context(conf)
+
+    assertion = factory(
+        saml.Assertion, version="2.0", id="11111",
+        issue_instant="2009-10-30T13:20:28Z",
+        signature=sigver.pre_signature_part("11111", sec.my_cert, 1),
+        attribute_statement=do_attribute_statement(
+            {("", "", "surName"): ("Foo", ""),
+             ("", "", "givenName"): ("Bar", ""), })
+    )
+
+    try:
+        sec.sign_statement(assertion, class_name(assertion),
+                           key_file=full_path("tes.key"),
+                           node_id=assertion.id)
+    except XmlsecError as err:  # should throw an exception
+        pass
+    else:
+        assert False
+
+
 if __name__ == "__main__":
-    t = TestSecurity()
-    t.setup_class()
-    t.test_non_verify_2()
+    # t = TestSecurity()
+    # t.setup_class()
+    # t.test_non_verify_2()
+
+    test_xbox()