Skip to content

Commit ff9cbce

Browse files
c00kiemon5terc00kiemon5ter
committed
Notes on _response
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
1 parent 2878400 commit ff9cbce

File tree

1 file changed

+90
-43
lines changed

1 file changed

+90
-43
lines changed

src/saml2/entity.py

Lines changed: 90 additions & 43 deletions
Original file line numberDiff line numberDiff line change
@@ -760,14 +760,19 @@ def _response(
760760
if not has_encrypt_cert and encrypt_cert_assertion is None:
761761
encrypt_assertion = False
762762

763+
# XXX if encrypt_assertion or encrypted_advice_attributes
764+
# XXX once in, response becomes a str and uses signed_instance_factory
763765
if (
766+
# XXX goto part-C
764767
encrypt_assertion
765768
or (
769+
# XXX goto part-B
766770
encrypted_advice_attributes
767771
and response.assertion.advice is not None
768772
and len(response.assertion.advice.assertion) == 1
769773
)
770774
):
775+
# XXX part-A (common) prepare sign response
771776
if sign:
772777
response.signature = pre_signature_part(
773778
response.id,
@@ -780,6 +785,7 @@ def _response(
780785
else:
781786
sign_class = []
782787

788+
# XXX part-B if encrypted_advice_attributes
783789
if (
784790
encrypted_advice_attributes
785791
and response.assertion.advice is not None
@@ -788,94 +794,135 @@ def _response(
788794
_assertions = response.assertion
789795
if not isinstance(_assertions, list):
790796
_assertions = [_assertions]
797+
791798
for _assertion in _assertions:
792799
_assertion.advice.encrypted_assertion = []
793-
_assertion.advice.encrypted_assertion.append(
794-
EncryptedAssertion())
795-
_advice_assertions = copy.deepcopy(
796-
_assertion.advice.assertion)
800+
_assertion.advice.encrypted_assertion.append(EncryptedAssertion())
801+
_advice_assertions = copy.deepcopy(_assertion.advice.assertion)
797802
_assertion.advice.assertion = []
803+
798804
if not isinstance(_advice_assertions, list):
799805
_advice_assertions = [_advice_assertions]
806+
800807
for tmp_assertion in _advice_assertions:
801808
to_sign_advice = []
809+
# XXX prepare sign assertion
802810
if sign_assertion and not pefim:
803811
tmp_assertion.signature = pre_signature_part(
804-
tmp_assertion.id, self.sec.my_cert, 1,
805-
sign_alg=sign_alg, digest_alg=digest_alg)
812+
tmp_assertion.id,
813+
self.sec.my_cert,
814+
1,
815+
sign_alg=sign_alg,
816+
digest_alg=digest_alg,
817+
)
806818
to_sign_advice.append(
807-
(class_name(tmp_assertion), tmp_assertion.id))
819+
(class_name(tmp_assertion), tmp_assertion.id),
820+
)
808821

822+
# XXX prepare encrypt assertion
809823
# tmp_assertion = response.assertion.advice.assertion[0]
810-
_assertion.advice.encrypted_assertion[
811-
0].add_extension_element(tmp_assertion)
824+
_assertion.advice.encrypted_assertion[0].add_extension_element(
825+
tmp_assertion
826+
)
812827
if encrypt_assertion_self_contained:
813-
advice_tag = \
814-
response.assertion.advice._to_element_tree().tag
828+
advice_tag = response.assertion.advice._to_element_tree().tag
815829
assertion_tag = tmp_assertion._to_element_tree().tag
816-
response = \
817-
response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion(
818-
assertion_tag, advice_tag)
830+
response = response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion(
831+
assertion_tag, advice_tag
832+
)
819833
node_xpath = ''.join(
820-
["/*[local-name()=\"%s\"]" % v for v in
821-
["Response", "Assertion", "Advice",
822-
"EncryptedAssertion", "Assertion"]])
823-
834+
[
835+
"/*[local-name()=\"%s\"]" % v
836+
for v in [
837+
"Response",
838+
"Assertion",
839+
"Advice",
840+
"EncryptedAssertion",
841+
"Assertion"
842+
]
843+
]
844+
)
845+
846+
# XXX sign assertion
824847
if to_sign_advice:
825-
response = signed_instance_factory(response,
826-
self.sec,
827-
to_sign_advice)
848+
response = signed_instance_factory(
849+
response, self.sec, to_sign_advice
850+
)
851+
852+
# XXX encrypt assertion
828853
response = self._encrypt_assertion(
829-
encrypt_cert_advice, sp_entity_id, response,
830-
node_xpath=node_xpath)
854+
encrypt_cert_advice,
855+
sp_entity_id,
856+
response,
857+
node_xpath=node_xpath,
858+
)
831859
response = response_from_string(response)
832860

861+
# XXX part-C if encrypt_assertion
833862
if encrypt_assertion:
834863
to_sign_assertion = []
835-
if sign_assertion is not None and sign_assertion:
864+
865+
# XXX prepare sign assertion
866+
if sign_assertion:
836867
_assertions = response.assertion
868+
837869
if not isinstance(_assertions, list):
838870
_assertions = [_assertions]
871+
839872
for _assertion in _assertions:
840873
_assertion.signature = pre_signature_part(
841-
_assertion.id, self.sec.my_cert, 1,
842-
sign_alg=sign_alg, digest_alg=digest_alg)
874+
_assertion.id,
875+
self.sec.my_cert,
876+
1,
877+
sign_alg=sign_alg,
878+
digest_alg=digest_alg,
879+
)
843880
to_sign_assertion.append(
844-
(class_name(_assertion), _assertion.id))
881+
(class_name(_assertion), _assertion.id),
882+
)
883+
884+
# XXX prepare encrypt assertion
845885
if encrypt_assertion_self_contained:
846886
try:
847-
assertion_tag = response.assertion._to_element_tree(
848-
849-
).tag
887+
assertion_tag = response.assertion._to_element_tree().tag
850888
except:
851-
assertion_tag = response.assertion[
852-
0]._to_element_tree().tag
889+
assertion_tag = response.assertion[0]._to_element_tree().tag
853890
response = pre_encrypt_assertion(response)
854-
response = \
855-
response.get_xml_string_with_self_contained_assertion_within_encrypted_assertion(
856-
assertion_tag)
891+
response = response.get_xml_string_with_self_contained_assertion_within_encrypted_assertion(
892+
assertion_tag
893+
)
857894
else:
858895
response = pre_encrypt_assertion(response)
896+
897+
# XXX sign assertion
859898
if to_sign_assertion:
860-
response = signed_instance_factory(response, self.sec,
861-
to_sign_assertion)
862-
response = self._encrypt_assertion(encrypt_cert_assertion,
863-
sp_entity_id, response)
899+
response = signed_instance_factory(
900+
response, self.sec, to_sign_assertion
901+
)
902+
903+
# XXX encrypt assertion
904+
response = self._encrypt_assertion(
905+
encrypt_cert_assertion, sp_entity_id, response
906+
)
864907
else:
908+
# XXX sign other parts! (defiend by to_sign)
865909
if to_sign:
866-
response = signed_instance_factory(response, self.sec,
867-
to_sign)
910+
response = signed_instance_factory(response, self.sec, to_sign)
911+
912+
# XXX part-D (common) sign response
913+
# XXX handle response having been signed/encrypted => str
868914
if sign:
869915
return signed_instance_factory(response, self.sec, sign_class)
870916
else:
871917
return response
872918

919+
# XXX sign response
873920
if sign:
874921
return self.sign(
875922
response, to_sign=to_sign, sign_alg=sign_alg, digest_alg=digest_alg
876923
)
877-
else:
878-
return response
924+
925+
return response
879926

880927
# XXX DONE calls self.sign must figure out sign
881928
def _status_response(

0 commit comments

Comments
 (0)