author | Roland Hedberg <roland.hedberg@adm.umu.se> | 2014-12-15 15:11:26 +0100 |
---|---|---|
committer | Roland Hedberg <roland.hedberg@adm.umu.se> | 2014-12-15 15:11:26 +0100 |
commit | 6787ce4dd58a5ce41141e389d9dd08ded39e2c4f (patch) | |
tree | d9da12031595c37598f500113272922fd3584d82 | |
parent | b3a7db984065056b94048e7282173d2f4d0c6641 (diff) | |
download | pysaml2-6787ce4dd58a5ce41141e389d9dd08ded39e2c4f.tar.gz |
Looks at the Popen returncode.
-rw-r--r-- | src/saml2/entity.py | 1 | ||||
-rw-r--r-- | src/saml2/sigver.py | 11 | ||||
-rw-r--r-- | tests/test_40_sigver.py | 42 |
3 files changed, 46 insertions, 8 deletions
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index 2b62c591..707d5015 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -543,6 +543,7 @@ class Entity(HTTPBase):
 if to_sign:
 signed_instance_factory(response, self.sec, to_sign)
 else:
+ # default is to sign the whole response if anything
 sign_class = [(class_name(response), response.id)]
 return signed_instance_factory(response, self.sec, sign_class)
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
index d7b30d29..0ac1f032 100644
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -847,8 +847,8 @@ class CryptoBackendXmlSec1(CryptoBackend):
 com_list.extend(["--node-id", node_id])
 try:
- (stdout, stderr, signed_statement) = \
- self._run_xmlsec(com_list, [fil], validate_output=False)
+ (stdout, stderr, signed_statement) = self._run_xmlsec(
+ com_list, [fil], validate_output=False)
 # this doesn't work if --store-signatures are used
 if stdout == "":
 if signed_statement:
@@ -924,12 +924,17 @@ class CryptoBackendXmlSec1(CryptoBackend):
 p_out = pof.stdout.read()
 p_err = pof.stderr.read()
+
+ if pof.returncode is not None and pof.returncode < 0:
+ logger.error(LOG_LINE % (p_out, p_err))
+ raise XmlsecError("%d:%s" % (pof.returncode, p_err))
+
 try:
 if validate_output:
 parse_xmlsec_output(p_err)
 except XmlsecError, exc:
 logger.error(LOG_LINE_2 % (p_out, p_err, exc))
- raise exception("%s" % (exc,))
+ raise
 ntf.seek(0)
 return p_out, p_err, ntf.read()
diff --git a/tests/test_40_sigver.py b/tests/test_40_sigver.py
index cf5acfa7..c0d12813 100644
--- a/tests/test_40_sigver.py
+++ b/tests/test_40_sigver.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 import base64
-from saml2.sigver import pre_encryption_part, make_temp
+from saml2.sigver import pre_encryption_part, make_temp, XmlsecError
 from saml2.mdstore import MetadataStore
 from saml2.saml import assertion_from_string, EncryptedAssertion
 from saml2.samlp import response_from_string 
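Review bot: `pof.returncode` is still `None` when the new check in `_run_xmlsec` runs unless something outside the hunk has already called `pof.wait()` or `pof.poll()` — reading `pof.stdout` and `pof.stderr` does not reap the child — so the `is not None` guard turns the whole branch into a no-op in the common case, and `< 0` would only ever catch a signal-killed process, not xmlsec1's ordinary non-zero failure exit. A signing or verification run that xmlsec1 rejected is then still only detected by the text parsing of `p_err` that follows, which callers passing `validate_output=False` (as in the first sigver.py hunk) skip entirely. Replacing the two `.read()` calls with `p_out, p_err = pof.communicate()` reaps the process and also removes the pipe-buffer deadlock that sequential reads of stdout then stderr can cause; the condition should then be `if pof.returncode != 0:` — if any caller depends on `parse_xmlsec_output` classifying a non-zero exit that needs checking, since the rest of `_run_xmlsec` starts outside the hunk. The bare `raise` replacing `raise exception(...)` in the except block is the right fix for that undefined name.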
@@ -438,7 +438,8 @@ def test_xbox():
 )
 sigass = sec.sign_statement(assertion, class_name(assertion),
- key_file=full_path("test.key"), node_id=assertion.id)
+ key_file=full_path("test.key"),
+ node_id=assertion.id)
 _ass0 = saml.assertion_from_string(sigass)
@@ -471,7 +472,38 @@ def test_xbox():
 print assertions
+def test_xmlsec_err():
+ conf = config.SPConfig()
+ conf.load_file("server_conf")
+ md = MetadataStore([saml, samlp], None, conf)
+ md.load("local", full_path("idp_example.xml"))
+
+ conf.metadata = md
+ conf.only_use_keys_in_metadata = False
+ sec = sigver.security_context(conf)
+
+ assertion = factory(
+ saml.Assertion, version="2.0", id="11111",
+ issue_instant="2009-10-30T13:20:28Z",
+ signature=sigver.pre_signature_part("11111", sec.my_cert, 1),
+ attribute_statement=do_attribute_statement(
+ {("", "", "surName"): ("Foo", ""),
+ ("", "", "givenName"): ("Bar", ""), })
+ )
+
+ try:
+ sec.sign_statement(assertion, class_name(assertion),
+ key_file=full_path("tes.key"),
+ node_id=assertion.id)
+ except XmlsecError as err: # should throw an exception
+ pass
+ else:
+ assert False
+
+
 if __name__ == "__main__":
- t = TestSecurity()
- t.setup_class()
- t.test_non_verify_2()
+ # t = TestSecurity()
+ # t.setup_class()
+ # t.test_non_verify_2()
+
+ test_xbox() |
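Review bot: `test_xmlsec_err` binds `except XmlsecError as err` but never uses `err`, and the misspelled `tes.key` is the whole point of the test yet reads like a typo; drop the binding and say why the name is wrong, e.g. `except XmlsecError:  # expected: key file deliberately does not exist`. The `else: assert False` also gives no message when it fires — `assert False, "sign_statement did not raise XmlsecError"` tells the reader which expectation broke. The `__main__` block now carries three commented-out lines; deleting them rather than commenting them out is the usual convention.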