From ce1eb1502587d1b51fafca4caa36fd3e6c2db98c Mon Sep 17 00:00:00 2001 From: Roland Hedberg Date: Thu, 14 Jun 2012 19:55:54 +0200 Subject: assertion.py: added parameter definition response.py: removed unused code sigver.py: raise exception when decryption fails --- src/saml2/assertion.py | 2 ++ src/saml2/response.py | 43 ------------------------------------------- src/saml2/sigver.py | 40 +++++++++++++++++++++++++++++----------- 3 files changed, 31 insertions(+), 54 deletions(-) (limited to 'src') diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py index b51ec54c..845e011a 100644 --- a/src/saml2/assertion.py +++ b/src/saml2/assertion.py @@ -143,6 +143,8 @@ def filter_on_demands(ava, required=None, optional=None): def filter_on_wire_representation(ava, acs, required=None, optional=None): """ :param ava: A dictionary with attributes and values + :param acs: List of tuples (Attribute Converter name, + Attribute Converter instance) :param required: A list of saml.Attributes :param optional: A list of saml.Attributes :return: Dictionary of expected/wanted attributes and values diff --git a/src/saml2/response.py b/src/saml2/response.py index 07588b18..8bfaea6f 100644 --- a/src/saml2/response.py +++ b/src/saml2/response.py 
@@ -253,49 +253,6 @@ class LogoutResponse(StatusResponse): debug) self.signature_check = self.sec.correctly_signed_logout_response -#class AttributeResponse(StatusResponse): -# def __init__(self, sec_context, attribute_converters, entity_id, -# return_addr=None, log=None, timeslack=0, debug=0): -# StatusResponse.__init__(self, sec_context, return_addr, log, timeslack, -# debug) -# self.entity_id = entity_id -# self.attribute_converters = attribute_converters -# self.assertion = None -# -# def get_identity(self): -# # The assertion can contain zero or one attributeStatements -# if not self.assertion.attribute_statement: -# self.log.error("Missing Attribute Statement") -# ava = {} -# else: -# assert len(self.assertion.attribute_statement) == 1 -# -# if self.debug: -# self.log.info("Attribute Statement: %s" % ( -# self.assertion.attribute_statement[0],)) -# for aconv in self.attribute_converters: -# self.log.info( -# "Converts name format: %s" % (aconv.name_format,)) -# -# ava = to_local(self.attribute_converters, -# self.assertion.attribute_statement[0]) -# return ava -# -# def session_info(self): -# """ Returns a predefined set of information gleened from the -# response. -# :returns: Dictionary with information -# """ -# if self.session_not_on_or_after > 0: -# nooa = self.session_not_on_or_after -# else: -# nooa = self.not_on_or_after -# -# return { "ava": self.ava, "name_id": self.name_id, -# "came_from": self.came_from, "issuer": self.issuer(), -# "not_on_or_after": nooa, -# "authn_info": self.authn_info() } - class AuthnResponse(StatusResponse): """ This is where all the profile compliance is checked. This one does saml2int compliance. """ diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py index 9a5b0e43..8c6d905c 100644 --- a/src/saml2/sigver.py +++ b/src/saml2/sigver.py 
@@ -107,6 +107,9 @@ class XmlsecError(Exception): class MissingKey(Exception): pass +class DecryptError(Exception): + pass + # -------------------------------------------------------------------------- #def make_signed_instance(klass, spec, seccont, base64encode=False): @@ -514,12 +517,20 @@ class SecurityContext(object): self.log.debug("Encryption command: %s" % " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) - p_out = pof.stdout.read() - p_err = pof.stderr.read() - if self.debug: - self.log.debug("Encryption result (out): %s" % (p_out,)) - self.log.debug("Encryption result (err): %s" % (p_err,)) + p_err = pof.stderr.read() + try: + parse_xmlsec_output(p_err) + except XmlsecError, exc: + if self.debug: + p_out = pof.stdout.read() + self.log.error(60*"=") + self.log.error(p_out) + self.log.error(p_err) + self.log.error(60*"-") + self.log.error("%s" % exc) + self.log.error(60*"=") + raise DecryptError("%s" % (exc,)) ntf.seek(0) return ntf.read() @@ -546,17 +557,24 @@ class SecurityContext(object): self.log.debug("Decrypt command: %s" % " ".join(com_list)) pof = Popen(com_list, stderr=PIPE, stdout=PIPE) - p_out = pof.stdout.read() + p_err = pof.stderr.read() - - if self.debug: - self.log.debug("Decrypt result (out): %s" % (p_out,)) - self.log.debug("Decrypt result (err): %s" % (p_err,)) + try: + parse_xmlsec_output(p_err) + except XmlsecError, exc: + if self.debug: + p_out = pof.stdout.read() + self.log.error(60*"=") + self.log.error(p_out) + self.log.error(p_err) + self.log.error(60*"-") + self.log.error("%s" % exc) + self.log.error(60*"=") + raise DecryptError("%s" % (exc,)) ntf.seek(0) return ntf.read() - def verify_signature(self, enctext, cert_file=None, cert_type="pem", node_name=NODE_NAME, node_id=None, id_attr=""): -- cgit v1.2.1
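Review bot: In the encrypt hunk (@@ -514) and again in the decrypt hunk (@@ -546) the new code reads `pof.stderr.read()` to completion while stdout is also a PIPE and never waits on the child, so an xmlsec run that writes more than a pipe buffer to stdout can block before it closes stderr, and the process is left unreaped; `p_out, p_err = pof.communicate()` drains both pipes and sets `pof.returncode`. Success is then inferred solely from `parse_xmlsec_output(p_err)` (its matching rules are not visible here), so a non-zero exit whose stderr that parser does not recognise falls through to `ntf.read()` and returns whatever the temp file holds — for decrypt that is presumably empty or still-encrypted data handed back to the caller as if it were plaintext — so `pof.returncode` should be checked after the parse. With `communicate()` the debug branch's inner `p_out = pof.stdout.read()` must be dropped, since the pipe is already drained. The encrypt hunk also raises `DecryptError` for an encryption failure, which will mislead callers catching by name; an `EncryptError` next to the new class in the first hunk (which could carry a one-line docstring, e.g. `"""xmlsec reported a failure while decrypting."""`) would be clearer. Both methods begin before their hunks, so the `ntf` temp-file setup and `com_list` construction are not visible here.
```python
        pof = Popen(com_list, stderr=PIPE, stdout=PIPE)
        # communicate() drains stdout and stderr together and reaps the
        # child, so a full stdout pipe cannot stall xmlsec before stderr
        # is read; it also populates pof.returncode.
        p_out, p_err = pof.communicate()
        try:
            parse_xmlsec_output(p_err)
        except XmlsecError, exc:
            # … unchanged: debug logging of p_out / p_err, minus the inner pof.stdout.read() …
            raise DecryptError("%s" % (exc,))
        # Do not treat an unrecognised failure as success: the temp file
        # would then hold no usable output.
        if pof.returncode != 0:
            raise DecryptError("%s exited with status %s" % (com_list[0],
                                                             pof.returncode))
        ntf.seek(0)
        return ntf.read()
```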