@@ -1137,20 +1137,17 @@ def _parse_response(self, xmlstr, response_cls, service, binding,
11371137 if not xmlstr : # Not a valid reponse
11381138 return None
11391139
1140- # Record the response signature requirement.
1141- require_response_signature = response .require_response_signature
1142-
1143- # Force the requirement that the response be signed in order to
1144- # force signature checking to happen so that we can know whether
1145- # or not the response is signed. The attribute on the response class
1146- # is reset to the recorded value in the finally clause below.
1147- response .require_response_signature = True
1148-
11491140 try :
1141+ response_is_signed = False
1142+ # Record the response signature requirement.
1143+ require_response_signature = response .require_response_signature
1144+ # Force the requirement that the response be signed in order to
1145+ # force signature checking to happen so that we can know whether
1146+ # or not the response is signed. The attribute on the response class
1147+ # is reset to the recorded value in the finally clause below.
1148+ response .require_response_signature = True
11501149 response = response .loads (xmlstr , False , origxml = xmlstr )
1151- response_is_signed = True
11521150 except SigverError as err :
1153- response_is_signed = False
11541151 if require_response_signature :
11551152 logger .error ("Signature Error: %s" , err )
11561153 raise
@@ -1160,15 +1157,15 @@ def _parse_response(self, xmlstr, response_cls, service, binding,
11601157 # value and attempt to consume the unpacked XML again.
11611158 response .require_response_signature = require_response_signature
11621159 response = response .loads (xmlstr , False , origxml = xmlstr )
1163-
11641160 except UnsolicitedResponse :
11651161 logger .error ("Unsolicited response" )
11661162 raise
11671163 except Exception as err :
1168- response_is_signed = False
11691164 if "not well-formed" in "%s" % err :
11701165 logger .error ("Not well-formed XML" )
11711166 raise
1167+ else :
1168+ response_is_signed = True
11721169 finally :
11731170 response .require_response_signature = require_response_signature
11741171
@@ -1195,22 +1192,19 @@ def _parse_response(self, xmlstr, response_cls, service, binding,
11951192 only_identity_in_encrypted_assertion = kwargs [
11961193 "only_identity_in_encrypted_assertion" ]
11971194
1198- # Record the assertions signature requirement.
1199- require_signature = response .require_signature
1200-
1201- # Force the requirement that the assertions be signed in order to
1202- # force signature checking to happen so that we can know whether
1203- # or not the assertions are signed. The attribute on the response class
1204- # is reset to the recorded value in the finally clause below.
1205- response .require_signature = True
1206-
12071195 try :
1196+ assertions_are_signed = False
1197+ # Record the assertions signature requirement.
1198+ require_signature = response .require_signature
1199+ # Force the requirement that the assertions be signed in order to
1200+ # force signature checking to happen so that we can know whether
1201+ # or not the assertions are signed. The attribute on the response class
1202+ # is reset to the recorded value in the finally clause below.
1203+ response .require_signature = True
12081204 # Verify that the assertion is syntactically correct and the
12091205 # signature on the assertion is correct if present.
12101206 response = response .verify (keys )
1211- assertions_are_signed = True
12121207 except SignatureError as err :
1213- assertions_are_signed = False
12141208 if require_signature :
12151209 logger .error ("Signature Error: %s" , err )
12161210 raise
@@ -1219,6 +1213,8 @@ def _parse_response(self, xmlstr, response_cls, service, binding,
12191213 response = response .verify (keys )
12201214 except Exception as err :
12211215 logger .error ("Exception verifying assertion: %s" % err )
1216+ else :
1217+ assertions_are_signed = True
12221218 finally :
12231219 response .require_signature = require_signature
12241220
0 commit comments