author | Hans Hörberg <hans.horberg@umu.se> | 2015-05-25 17:38:18 +0200 |
---|---|---|
committer | Hans Hörberg <hans.horberg@umu.se> | 2015-05-25 17:38:18 +0200 |
commit | d6d76e1efb24c0715effcf42c11ec6c6470ab17a (patch) | |
tree | f11eeb26884d48fdee7030e9ce49651a298c2367 /src/saml2/response.py | |
parent | 93bdb86a8191ddf797cec821e39cd40446c8975c (diff) | |
download | pysaml2-d6d76e1efb24c0715effcf42c11ec6c6470ab17a.tar.gz |
Added PEFIM changes that had been removed.
Diffstat (limited to 'src/saml2/response.py')
-rw-r--r-- | src/saml2/response.py | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/src/saml2/response.py b/src/saml2/response.py
index 6f733280..1b4725af 100644
--- a/src/saml2/response.py
+++ b/src/saml2/response.py
@@ -871,11 +871,16 @@ class AuthnResponse(StatusResponse):
 logger.debug("***Encrypted assertion/-s***")
 decr_text = "%s" % self.response
 resp = self.response
- while self.find_encrypt_data(resp):
+ decr_text_old = None
+ while self.find_encrypt_data(resp) and decr_text_old != decr_text:
+ decr_text_old = decr_text
 decr_text = self.sec.decrypt_keys(decr_text, keys)
 resp = samlp.response_from_string(decr_text)
 _enc_assertions = self.decrypt_assertions(resp.encrypted_assertion, decr_text)
- while self.find_encrypt_data(resp) or self.find_encrypt_data_assertion_list(_enc_assertions):
+ decr_text_old = None
+ while self.find_encrypt_data(resp) or self.find_encrypt_data_assertion_list(_enc_assertions) and \
+ decr_text_old != decr_text:
+ decr_text_old = decr_text
 decr_text = self.sec.decrypt_keys(decr_text, keys)
 resp = samlp.response_from_string(decr_text)
 _enc_assertions = self.decrypt_assertions(resp.encrypted_assertion, decr_text, verified=True)
@@ -893,7 +898,8 @@ class AuthnResponse(StatusResponse):
 tmp_ass.advice.assertion.extend(advice_res)
 else:
 tmp_ass.advice.assertion = advice_res
- tmp_ass.advice.encrypted_assertion = []
+ if len(advice_res) > 0:
+ tmp_ass.advice.encrypted_assertion = []
 self.response.assertion = resp.assertion
 for assertion in _enc_assertions:
 if not self._assertion(assertion, True):
@@ -902,7 +908,8 @@ class AuthnResponse(StatusResponse):
 self.assertions.append(assertion)
 self.xmlstr = decr_text
- self.response.encrypted_assertion = []
+ if len(_enc_assertions) > 0:
+ self.response.encrypted_assertion = []
 if self.response.assertion:
 for assertion in self.response.assertion: |
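Review bot: In the second `while` of the first hunk the new progress check guards only the right-hand operand, because `and` binds tighter than `or`; the condition parses as `find_encrypt_data(resp) or (find_encrypt_data_assertion_list(_enc_assertions) and decr_text_old != decr_text)`. If `find_encrypt_data(resp)` stays true while `decrypt_keys` returns the text unchanged (presumably the case when no usable key is available; not visible here), the loop never terminates, and the response being parsed is sender-controlled. Parenthesise the disjunction so the guard covers both operands: `while (self.find_encrypt_data(resp) or self.find_encrypt_data_assertion_list(_enc_assertions)) and decr_text_old != decr_text:`. Both loops also fall through silently when they stop for lack of progress, so a `logger.warning` at that point would make leftover undecryptable data visible. The enclosing method starts and ends outside the hunk.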
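Review bot: The new guard `if len(advice_res) > 0:` in the second hunk, and the matching `if len(_enc_assertions) > 0:` in the third, give no reason why the encrypted elements are now kept when nothing was decrypted, so a reader cannot tell that this is deliberate. A comment above each, such as `# keep the encrypted assertions when none could be decrypted here (PEFIM: presumably for a downstream recipient)`, would record the intent; the author should confirm the wording, since the rationale is not visible in the diff. The idiomatic spelling is `if advice_res:` and `if _enc_assertions:`. Code that later reads `self.response.encrypted_assertion` should be checked so that retained, undecrypted elements are never treated as verified content; that code lies outside these hunks.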