authorHans Hörberg <hans.horberg@umu.se>2015-05-25 17:38:18 +0200
committerHans Hörberg <hans.horberg@umu.se>2015-05-25 17:38:18 +0200
commitd6d76e1efb24c0715effcf42c11ec6c6470ab17a (patch)
treef11eeb26884d48fdee7030e9ce49651a298c2367 /src/saml2/response.py
parent93bdb86a8191ddf797cec821e39cd40446c8975c (diff)
Added PEFIM changes that had been removed.
Diffstat (limited to 'src/saml2/response.py')
-rw-r--r--src/saml2/response.py15
1 files changed, 11 insertions, 4 deletions
diff --git a/src/saml2/response.py b/src/saml2/response.py
index 6f733280..1b4725af 100644
--- a/src/saml2/response.py
+++ b/src/saml2/response.py
@@ -871,11 +871,16 @@ class AuthnResponse(StatusResponse):
logger.debug("***Encrypted assertion/-s***")
decr_text = "%s" % self.response
resp = self.response
- while self.find_encrypt_data(resp):
+ decr_text_old = None
+ while self.find_encrypt_data(resp) and decr_text_old != decr_text:
+ decr_text_old = decr_text
decr_text = self.sec.decrypt_keys(decr_text, keys)
resp = samlp.response_from_string(decr_text)
_enc_assertions = self.decrypt_assertions(resp.encrypted_assertion, decr_text)
- while self.find_encrypt_data(resp) or self.find_encrypt_data_assertion_list(_enc_assertions):
+ decr_text_old = None
+ while self.find_encrypt_data(resp) or self.find_encrypt_data_assertion_list(_enc_assertions) and \
+ decr_text_old != decr_text:
+ decr_text_old = decr_text
decr_text = self.sec.decrypt_keys(decr_text, keys)
resp = samlp.response_from_string(decr_text)
_enc_assertions = self.decrypt_assertions(resp.encrypted_assertion, decr_text, verified=True)
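Review bot: In the second `while`, `and` binds tighter than `or`, so the condition parses as `find_encrypt_data(resp) or (find_encrypt_data_assertion_list(_enc_assertions) and decr_text_old != decr_text)`, and the no-progress guard is skipped whenever `self.find_encrypt_data(resp)` is true. If `decrypt_keys` returns its input unchanged for a response that still carries encrypted data (for example because no matching key is available), this loop can still run forever on a response received from a peer. Parenthesise the disjunction: `while (self.find_encrypt_data(resp) or self.find_encrypt_data_assertion_list(_enc_assertions)) and decr_text_old != decr_text:`. It would also help to log when either loop exits on the guard rather than because nothing encrypted remains, since processing then appears to continue with undecrypted content. The enclosing method starts and ends outside the hunk.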
@@ -893,7 +898,8 @@ class AuthnResponse(StatusResponse):
tmp_ass.advice.assertion.extend(advice_res)
else:
tmp_ass.advice.assertion = advice_res
- tmp_ass.advice.encrypted_assertion = []
+ if len(advice_res) > 0:
+ tmp_ass.advice.encrypted_assertion = []
self.response.assertion = resp.assertion
for assertion in _enc_assertions:
if not self._assertion(assertion, True):
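Review bot: The new guard `if len(advice_res) > 0:` tests only that something was decrypted, not that every entry in `tmp_ass.advice.encrypted_assertion` was. If `advice_res` can hold a subset (how it is built is not visible here), the remaining encrypted advice is discarded silently. The reason for keeping the list when nothing decrypted is also unstated, so a comment such as `# keep encrypted advice as-is when none of it could be decrypted here` would record the intent, and `if advice_res:` is the idiomatic test. The same applies to `if len(_enc_assertions) > 0:` in the next hunk. The enclosing method starts and ends outside the hunk.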
@@ -902,7 +908,8 @@ class AuthnResponse(StatusResponse):
self.assertions.append(assertion)
self.xmlstr = decr_text
- self.response.encrypted_assertion = []
+ if len(_enc_assertions) > 0:
+ self.response.encrypted_assertion = []
if self.response.assertion:
for assertion in self.response.assertion: