Difference between sigver.signed_instance_factory and Entity.sign

Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>

2 files changed, 12 insertions, 1 deletions

diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index 5320ab6a..3b6c109f 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -467,7 +467,12 @@ class Entity(HTTPBase):
 
     # XXX DONE will actually use sign_alg and digest_alg for the POST-Binding
     # XXX DONE deepest level - needs to decide the sign_alg and digest_alg value
-    # XXX calls pre_signature_part
+    # XXX a controler for signed_instance_factory
+    # XXX syncs pre_signature_part and signed_instance_factory
+    # XXX makes sure pre_signature_part is called before signed_instance_factory
+    # XXX calls pre_signature_part - must have sign_alg & digest_alg
+    # XXX calls signed_instance_factory - after pre_signature_part
+    # XXX !!expects a msg object!!
     def sign(
         self,
         msg,
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
index d4ba8712..65d4f39c 100644
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -301,6 +301,12 @@ def _instance(klass, ava, seccont, base64encode=False, elements_to_sign=None):
     return instance
 
 
+# XXX will actually sign the nodes
+# XXX assumes pre_signature_part has already been called
+# XXX calls sign without specifying sign_alg/digest_alg
+# XXX this is fine as the algs are embeded in the document
+# XXX as setup by pre_signature_part
+# XXX !!expects instance string!!
 def signed_instance_factory(instance, seccont, elements_to_sign=None):
     """