Formatting and restructure

Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>

Author: c00kiemon5ter

src/saml2/entity.py

@@ -516,8 +516,8 @@ def sign(
     # XXX DONE will actually use sign the POST-Binding
     # XXX DONE deepest level - needs to decide the sign value
     # XXX DONE calls self.sign must figure out sign
-    # XXX ensure both SPs and IdPs go through this
-    # XXX ensure this works for the POST-Binding
+    # XXX DONE ensure both SPs and IdPs go through this
+    # XXX DONE ensure this works for the POST-Binding
     def _message(
         self,
         request_cls,
@@ -673,6 +673,8 @@ def _encrypt_assertion(self, encrypt_cert, sp_entity_id, response, node_xpath=No
         return response
 
     # XXX DONE calls self.sign must figure out sign
+    # XXX calls signed_instance_factory - must have called pre_signature_part
+    # XXX calls pre_signature_part - must figure out sign_alg/digest_alg
     def _response(
         self,
         in_response_to,
@@ -746,8 +748,8 @@ def _response(
 
         sign = sign if sign is not None else self.should_sign
         if (
-            not sign
-            and to_sign
+            to_sign
+            and not sign
             and not encrypt_assertion
         ):
             return signed_instance_factory(response, self.sec, to_sign)

src/saml2/server.py

@@ -414,6 +414,7 @@ def setup_assertion(
                 **kwargs)
         return assertion
 
+    # XXX calls pre_signature_part
     # XXX > _response
     def _authn_response(
         self,

src/saml2/sigver.py

@@ -315,17 +315,20 @@ def signed_instance_factory(instance, seccont, elements_to_sign=None):
     :param elements_to_sign: Which parts if any that should be signed
     :return: A class instance if not signed otherwise a string
     """
-    if elements_to_sign:
-        signed_xml = instance
-        if not isinstance(instance, six.string_types):
-            signed_xml = instance.to_string()
-        for (node_name, nodeid) in elements_to_sign:
-            signed_xml = seccont.sign_statement(
-                signed_xml, node_name=node_name, node_id=nodeid)
-        return signed_xml
-    else:
+    if not elements_to_sign:
         return instance
 
+    signed_xml = instance
+    if not isinstance(instance, six.string_types):
+        signed_xml = instance.to_string()
+
+    for (node_name, nodeid) in elements_to_sign:
+        signed_xml = seccont.sign_statement(
+            signed_xml, node_name=node_name, node_id=nodeid
+        )
+
+    return signed_xml
+
 
 def make_temp(content, suffix="", decode=True, delete_tmpfiles=True):
     """
@@ -1740,10 +1743,11 @@ def multiple_signatures(self, statement, to_sign, key=None, key_file=None, sign_
 
             if not item.signature:
                 item.signature = pre_signature_part(
-                        sid,
-                        self.cert_file,
-                        sign_alg=sign_alg,
-                        digest_alg=digest_alg)
+                    ident=sid,
+                    public_key=self.cert_file,
+                    sign_alg=sign_alg,
+                    digest_alg=digest_alg,
+                )
 
             statement = self.sign_statement(
                 statement,
@@ -1757,7 +1761,13 @@ def multiple_signatures(self, statement, to_sign, key=None, key_file=None, sign_
 
 
 # XXX FIXME calls DefaultSignature - remove to unveil chain of calls without proper args
-def pre_signature_part(ident, public_key=None, identifier=None, digest_alg=None, sign_alg=None):
+def pre_signature_part(
+    ident,
+    public_key=None,
+    identifier=None,
+    digest_alg=None,
+    sign_alg=None,
+):
     """
     If an assertion is to be signed the signature part has to be preset
     with which algorithms to be used, this function returns such a
@@ -1770,10 +1780,12 @@ def pre_signature_part(ident, public_key=None, identifier=None, digest_alg=None,
     :return: A preset signature part
     """
 
+    # XXX
     if not digest_alg:
         digest_alg = ds.DefaultSignature().get_digest_alg()
     if not sign_alg:
         sign_alg = ds.DefaultSignature().get_sign_alg()
+
     signature_method = ds.SignatureMethod(algorithm=sign_alg)
     canonicalization_method = ds.CanonicalizationMethod(
         algorithm=ds.ALG_EXC_C14N)