Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove signature nodes appropriately #46

Merged
merged 4 commits into from
Mar 24, 2016
Merged

Remove signature nodes appropriately #46

merged 4 commits into from
Mar 24, 2016

Conversation

klondi
Copy link
Contributor

@klondi klondi commented Mar 23, 2016

This solves the issue with double signatures in XML. Removal is also done so that any text after the signature is preserved.

I found this issue when trying to validate SAML 2.0 responses with a signature on both the assertion and the node signed with the library.

This should at least solve #40 but it may solve others like #44

@klondi klondi mentioned this pull request Mar 23, 2016
Closed
@klondi
Remove signature nodes appropriately, this solves the issue with doub…
0cfdffc 
…le signatures in XML. Removal is also done so that any text after the signature is preserved
@coveralls
Copy link

Coverage Status

Coverage decreased (-1.4%) to 93.047% when pulling 6536dd3 on CoresecSystems:master into 6521e55 on kislyuk:master.

@coveralls
Copy link

Coverage Status

Coverage decreased (-1.04%) to 93.456% when pulling 6536dd3 on CoresecSystems:master into 6521e55 on kislyuk:master.

@coveralls
Copy link

Coverage Status

Coverage decreased (-0.4%) to 94.07% when pulling fe96c7d on CoresecSystems:master into 6521e55 on kislyuk:master.

@coveralls
Copy link

Coverage Status

Coverage decreased (-0.2%) to 94.274% when pulling b2cd54c on CoresecSystems:master into 6521e55 on kislyuk:master.

@coveralls
Copy link

Coverage Status

Coverage increased (+0.2%) to 94.683% when pulling 3de87c2 on CoresecSystems:master into 6521e55 on kislyuk:master.

kislyuk
kislyuk reviewed Mar 24, 2016
View reviewed changes
signxml/__init__.py
@@ -588,11 +612,14 @@ def verify(self, require_x509=True, x509_cert=None, ca_pem_file=None, ca_path=No
root = fromstring(self.data, parser=parser)
else:
root = self.data
c14n_root = fromstring(etree.tostring(root))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't truly understand why this is necessary. Can you explain?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we may need to apply transformation modifying the XML tree during the canonicalization process we need to make a copy of it to prevent modifying the original tree.

Originally I used copy.deepcopy but with lxml it failed at preserving the namespaces on the root node which broke some cases, thus I instead copy the tree in this way.

@kislyuk
Copy link
Member

kislyuk commented Mar 24, 2016

Thanks. This is outstanding work. I'm merging, but I'd appreciate it if you could answer the question I left inline.

@kislyuk kislyuk merged commit 6c0c801 into XML-Security:master Mar 24, 2016
@klondi
Copy link
Contributor Author

klondi commented Mar 24, 2016

@kislyuk Answered, it's mostly a hack around copy.deepcopy not preserving unused namespaces on the root node.

@kislyuk
Copy link
Member

kislyuk commented Mar 24, 2016

Released in v0.6.0.

@klondi klondi mentioned this pull request Apr 5, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@klondi @coveralls @kislyuk