From c0c412e2f17edb9abdd89ee8ef103c85d23d285c Mon Sep 17 00:00:00 2001
From: Ivan Kanakarakis <ivan.kanak@gmail.com>
Date: Mon, 7 Dec 2020 22:46:05 +0200
Subject: Difference between sigver.signed_instance_factory and Entity.sign

Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
---
 src/saml2/entity.py | 7 ++++++-
 src/saml2/sigver.py | 6 ++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index 5320ab6a..3b6c109f 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -467,7 +467,12 @@ class Entity(HTTPBase):
 
     # XXX DONE will actually use sign_alg and digest_alg for the POST-Binding
     # XXX DONE deepest level - needs to decide the sign_alg and digest_alg value
-    # XXX calls pre_signature_part
+    # XXX a controler for signed_instance_factory
+    # XXX syncs pre_signature_part and signed_instance_factory
+    # XXX makes sure pre_signature_part is called before signed_instance_factory
+    # XXX calls pre_signature_part - must have sign_alg & digest_alg
+    # XXX calls signed_instance_factory - after pre_signature_part
+    # XXX !!expects a msg object!!
     def sign(
         self,
         msg,
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
index d4ba8712..65d4f39c 100644
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -301,6 +301,12 @@ def _instance(klass, ava, seccont, base64encode=False, elements_to_sign=None):
     return instance
 
 
+# XXX will actually sign the nodes
+# XXX assumes pre_signature_part has already been called
+# XXX calls sign without specifying sign_alg/digest_alg
+# XXX this is fine as the algs are embeded in the document
+# XXX as setup by pre_signature_part
+# XXX !!expects instance string!!
 def signed_instance_factory(instance, seccont, elements_to_sign=None):
     """
 
-- 
cgit v1.2.1