Formatting and restructure

Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>

3 files changed, 33 insertions, 18 deletions

diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index 3b6c109f..88c2606b 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -516,8 +516,8 @@ class Entity(HTTPBase):
     # XXX DONE will actually use sign the POST-Binding
     # XXX DONE deepest level - needs to decide the sign value
     # XXX DONE calls self.sign must figure out sign
-    # XXX ensure both SPs and IdPs go through this
-    # XXX ensure this works for the POST-Binding
+    # XXX DONE ensure both SPs and IdPs go through this
+    # XXX DONE ensure this works for the POST-Binding
     def _message(
         self,
         request_cls,
@@ -673,6 +673,8 @@ class Entity(HTTPBase):
         return response
 
     # XXX DONE calls self.sign must figure out sign
+    # XXX calls signed_instance_factory - must have called pre_signature_part
+    # XXX calls pre_signature_part - must figure out sign_alg/digest_alg
     def _response(
         self,
         in_response_to,
@@ -746,8 +748,8 @@ class Entity(HTTPBase):
 
         sign = sign if sign is not None else self.should_sign
         if (
-            not sign
-            and to_sign
+            to_sign
+            and not sign
             and not encrypt_assertion
         ):
             return signed_instance_factory(response, self.sec, to_sign)
diff --git a/src/saml2/server.py b/src/saml2/server.py
index d23418ff..808ec679 100644
--- a/src/saml2/server.py
+++ b/src/saml2/server.py
@@ -414,6 +414,7 @@ class Server(Entity):
                 **kwargs)
         return assertion
 
+    # XXX calls pre_signature_part
     # XXX > _response
     def _authn_response(
         self,
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
index 65d4f39c..52324eb4 100644
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -315,17 +315,20 @@ def signed_instance_factory(instance, seccont, elements_to_sign=None):
     :param elements_to_sign: Which parts if any that should be signed
     :return: A class instance if not signed otherwise a string
     """
-    if elements_to_sign:
-        signed_xml = instance
-        if not isinstance(instance, six.string_types):
-            signed_xml = instance.to_string()
-        for (node_name, nodeid) in elements_to_sign:
-            signed_xml = seccont.sign_statement(
-                signed_xml, node_name=node_name, node_id=nodeid)
-        return signed_xml
-    else:
+    if not elements_to_sign:
         return instance
 
+    signed_xml = instance
+    if not isinstance(instance, six.string_types):
+        signed_xml = instance.to_string()
+
+    for (node_name, nodeid) in elements_to_sign:
+        signed_xml = seccont.sign_statement(
+            signed_xml, node_name=node_name, node_id=nodeid
+        )
+
+    return signed_xml
+
 
 def make_temp(content, suffix="", decode=True, delete_tmpfiles=True):
     """
@@ -1740,10 +1743,11 @@ class SecurityContext(object):
 
             if not item.signature:
                 item.signature = pre_signature_part(
-                        sid,
-                        self.cert_file,
-                        sign_alg=sign_alg,
-                        digest_alg=digest_alg)
+                    ident=sid,
+                    public_key=self.cert_file,
+                    sign_alg=sign_alg,
+                    digest_alg=digest_alg,
+                )
 
             statement = self.sign_statement(
                 statement,
@@ -1757,7 +1761,13 @@ class SecurityContext(object):
 
 
 # XXX FIXME calls DefaultSignature - remove to unveil chain of calls without proper args
-def pre_signature_part(ident, public_key=None, identifier=None, digest_alg=None, sign_alg=None):
+def pre_signature_part(
+    ident,
+    public_key=None,
+    identifier=None,
+    digest_alg=None,
+    sign_alg=None,
+):
     """
     If an assertion is to be signed the signature part has to be preset
     with which algorithms to be used, this function returns such a
@@ -1770,10 +1780,12 @@ def pre_signature_part(ident, public_key=None, identifier=None, digest_alg=None,
     :return: A preset signature part
     """
 
+    # XXX
     if not digest_alg:
         digest_alg = ds.DefaultSignature().get_digest_alg()
     if not sign_alg:
         sign_alg = ds.DefaultSignature().get_sign_alg()
+
     signature_method = ds.SignatureMethod(algorithm=sign_alg)
     canonicalization_method = ds.CanonicalizationMethod(
         algorithm=ds.ALG_EXC_C14N)