From d45d9629627d6f4b674921ef2fa39ed2789530f9 Mon Sep 17 00:00:00 2001
From: Matthias Valvekens
Date: Tue, 19 Aug 2025 19:03:45 +0900
Subject: [PATCH] Align behaviour of expect_references with docs
Passing expect_references=True to verify(...) now results in a list of verify_results, irrespective of the number of references in the signature. Fixes #278.
---
 signxml/verifier.py | 6 +++++-
 test/test.py | 26 +++++++++++++++++++++++++-
 2 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/signxml/verifier.py b/signxml/verifier.py
index 3e6b24b..7da25d9 100644
--- a/signxml/verifier.py
+++ b/signxml/verifier.py
@@ -535,7 +535,11 @@ def verify(
 msg = "Expected to find {} references, but found {}"
 raise InvalidSignature(msg.format(self.config.expect_references, len(verify_results)))
- return verify_results if self.config.expect_references > 1 else verify_results[0]
+ return (
+ verify_results[0]
+ if type(self.config.expect_references) is int and self.config.expect_references == 1
+ else verify_results
+ )
 def _verify_reference(
 self,
diff --git a/test/test.py b/test/test.py
index a663062..d48215d 100755
--- a/test/test.py
+++ b/test/test.py
@@ -112,6 +112,20 @@ def test_example_multi(self):
 expect_references=2,
 )
+ def test_example_multi_unspecified_reference_count(self):
+ cert, _ = self.load_example_keys()
+ with open(os.path.join(os.path.dirname(__file__), "example.pem")) as fh:
+ cert = fh.read()
+ example_file = os.path.join(os.path.dirname(__file__), "example-125.xml")
+ res = XMLVerifier().verify(
+ data=etree.parse(example_file),
+ x509_cert=cert,
+ expect_references=True,
+ )
+
+ self.assertIsInstance(res, list)
+ self.assertEqual(2, len(res))
+
 class TestSignXML(unittest.TestCase, LoadExampleKeys):
 def setUp(self):
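Review bot: The `type(self.config.expect_references) is int` test in the new return expression carries the whole distinction between `expect_references=1` and `expect_references=True` (in Python `True == 1` and `isinstance(True, int)` both hold), yet nothing on the line says so, and a later cleanup to `isinstance` would silently hand callers a single result again for `True`. I would put a comment above the return, for example `# bool is a subclass of int and True == 1: exact type check so expect_references=True returns the full list`. Callers that passed `expect_references=True` and read `.signed_xml` straight off the result now receive a list, so the release notes should flag the change; the last test hunk shows the required `res[0]` adjustment. The body of `verify()` starts outside the hunk, so whether its return annotation and docstring already describe the list case cannot be seen here.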
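Review bot: In `test_example_multi_unspecified_reference_count` the first statement `cert, _ = self.load_example_keys()` is dead, because `cert` is rebound to the contents of `example.pem` two lines later before anything reads it. Deleting that line makes it clear which certificate actually anchors the verification in this test. The pattern may have been copied from `test_example_multi`, whose body lies outside the hunk.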
@@ -490,6 +504,16 @@ def test_elementtree_compat(self):
 """,
 ]
+ def test_verify_results_with_nonspecific_reference_count(self):
+ crt, key = self.load_example_keys()
+ data = etree.fromstring(self.saml_test_vectors[0])
+ reference_uri = "assertionId"
+ signed_root = XMLSigner().sign(data, reference_uri=reference_uri, key=key, cert=crt)
+ res = XMLVerifier().verify(etree.tostring(signed_root), x509_cert=crt, expect_references=True)
+
+ self.assertIsInstance(res, list)
+ self.assertEqual(1, len(res))
+
 def test_reference_uris_and_custom_key_info(self):
 crt, key = self.load_example_keys()
@@ -499,7 +523,7 @@ def test_reference_uris_and_custom_key_info(self):
 reference_uri = ["assertionId", "assertion2"] if "assertion2" in d else "assertionId"
 signed_root = XMLSigner().sign(data, reference_uri=reference_uri, key=key, cert=crt)
 res = XMLVerifier().verify(etree.tostring(signed_root), x509_cert=crt, expect_references=True)
- signed_data_root = res.signed_xml
+ signed_data_root = res[0].signed_xml
 ref = signed_root.xpath(
 "/samlp:Response/saml:Assertion/ds:Signature/ds:SignedInfo/ds:Reference",
 namespaces={
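Review bot: `test_verify_results_with_nonspecific_reference_count` asserts only the container shape (`assertIsInstance(res, list)` and the length), so it would still pass if the single entry carried no signed element or the wrong one; the same holds for `test_example_multi_unspecified_reference_count` in the previous hunk. What a caller trusts after verification is the `signed_xml` of each result, so the test should check that payload too, at minimum `self.assertIsNotNone(res[0].signed_xml)` and ideally a comparison with the signed Assertion element. A companion assertion that `expect_references=1` still returns a single result rather than a list would cover the other branch of the new conditional, unless a test outside this hunk already does.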