Useful when debugging 'after the fact'.

Roland Hedberg · Roland Hedberg · commit 177892dab5cf · 2015-09-07T09:13:30.000+02:00
diff --git a/src/saml2/response.py b/src/saml2/response.py
@@ -265,6 +265,7 @@ def __init__(self, sec_context, return_addrs=None, timeslack=0,
         self.require_response_signature = False
         self.not_signed = False
         self.asynchop = asynchop
+        self.do_not_verify = False
 
     def _clear(self):
         self.xmlstr = ""
@@ -316,10 +317,16 @@ def _loads(self, xmldata, decode=True, origxml=None):
         else:
             self.origxml = self.xmlstr
 
+        if self.do_not_verify:
+            args = {"do_not_verify": True}
+        else:
+            args = {}
+
         try:
             self.response = self.signature_check(
                 xmldata, origdoc=origxml, must=self.require_signature,
-                require_response_signature=self.require_response_signature)
+                require_response_signature=self.require_response_signature,
+                **args)
 
         except TypeError:
             raise
@@ -759,7 +766,7 @@ def _assertion(self, assertion, verified=False):
                 raise SignatureError("Signature missing for assertion")
         else:
             logger.debug("signed")
-            if not verified:
+            if not verified and self.do_not_verify is False:
                 try:
                     self.sec.check_signature(assertion, class_name(assertion),self.xmlstr)
                 except Exception as exc:
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
@@ -1678,29 +1678,14 @@ def correctly_signed_response(self, decoded_xml, must=False, origdoc=None,
             raise TypeError("Not a Response")
 
         if response.signature:
-            self._check_signature(decoded_xml, response, class_name(response),
-                                  origdoc)
+            if "do_not_verify" in kwargs:
+                pass
+            else:
+                self._check_signature(decoded_xml, response,
+                                      class_name(response), origdoc)
         elif require_response_signature:
             raise SignatureError("Signature missing for response")
 
-        # if isinstance(response, Response) and response.assertion:
-        #     # Try to find the signing cert in the assertion
-        #     for assertion in response.assertion:
-        #         if not hasattr(assertion, 'signature') or not assertion.signature:
-        #             logger.debug("unsigned")
-        #             if must:
-        #                 raise SignatureError("Signature missing for assertion")
-        #             continue
-        #         else:
-        #             logger.debug("signed")
-        #
-        #         try:
-        #             self._check_signature(decoded_xml, assertion,
-        #                                   class_name(assertion), origdoc)
-        #         except Exception as exc:
-        #             logger.error("correctly_signed_response: %s" % exc)
-        #             raise
-
         return response
 
     #--------------------------------------------------------------------------
