Fix signature position in the SP metadata

SAML-Toolkits · Nov 10, 2017 · 032a2c7 · 032a2c7
1 parent 265d019
commit 032a2c7
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 10 deletions.
diff --git a/src/onelogin/saml2/utils.py b/src/onelogin/saml2/utils.py
@@ -877,7 +877,11 @@ def add_sign(xml, key, cert, debug=False, sign_algorithm=OneLogin_Saml2_Constant
             issuer = issuer[0]
             issuer.addnext(signature)
         else:
-            elem[0].insert(0, signature)
+            entity_descriptor = OneLogin_Saml2_Utils.query(elem, '//md:EntityDescriptor')
+            if len(entity_descriptor) > 0:
+                elem.insert(0, signature)
+            else:
+                elem[0].insert(0, signature)
 
         digest_algorithm_transform_map = {
             OneLogin_Saml2_Constants.SHA1: xmlsec.TransformSha1,

diff --git a/tests/src/OneLogin/saml2_tests/utils_test.py b/tests/src/OneLogin/saml2_tests/utils_test.py
@@ -810,54 +810,54 @@ def testAddSign(self):
 
         res = parseString(xml_authn_signed)
         ds_signature = res.firstChild.firstChild.nextSibling.nextSibling
-        self.assertIn('ds:Signature', ds_signature.tagName)
+        self.assertEqual('ds:Signature', ds_signature.tagName)
 
         xml_authn_dom = parseString(xml_authn)
         xml_authn_signed_2 = OneLogin_Saml2_Utils.add_sign(xml_authn_dom, key, cert)
         self.assertIn('<ds:SignatureValue>', xml_authn_signed_2)
         res_2 = parseString(xml_authn_signed_2)
         ds_signature_2 = res_2.firstChild.firstChild.nextSibling.nextSibling
-        self.assertIn('ds:Signature', ds_signature_2.tagName)
+        self.assertEqual('ds:Signature', ds_signature_2.tagName)
 
         xml_authn_signed_3 = OneLogin_Saml2_Utils.add_sign(xml_authn_dom.firstChild, key, cert)
         self.assertIn('<ds:SignatureValue>', xml_authn_signed_3)
         res_3 = parseString(xml_authn_signed_3)
         ds_signature_3 = res_3.firstChild.firstChild.nextSibling.nextSibling
-        self.assertIn('ds:Signature', ds_signature_3.tagName)
+        self.assertEqual('ds:Signature', ds_signature_3.tagName)
 
         xml_authn_etree = etree.fromstring(xml_authn)
         xml_authn_signed_4 = OneLogin_Saml2_Utils.add_sign(xml_authn_etree, key, cert)
         self.assertIn('<ds:SignatureValue>', xml_authn_signed_4)
         res_4 = parseString(xml_authn_signed_4)
         ds_signature_4 = res_4.firstChild.firstChild.nextSibling.nextSibling
-        self.assertIn('ds:Signature', ds_signature_4.tagName)
+        self.assertEqual('ds:Signature', ds_signature_4.tagName)
 
         xml_authn_signed_5 = OneLogin_Saml2_Utils.add_sign(xml_authn_etree, key, cert)
         self.assertIn('<ds:SignatureValue>', xml_authn_signed_5)
         res_5 = parseString(xml_authn_signed_5)
         ds_signature_5 = res_5.firstChild.firstChild.nextSibling.nextSibling
-        self.assertIn('ds:Signature', ds_signature_5.tagName)
+        self.assertEqual('ds:Signature', ds_signature_5.tagName)
 
         xml_logout_req = b64decode(self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml.base64')))
         xml_logout_req_signed = OneLogin_Saml2_Utils.add_sign(xml_logout_req, key, cert)
         self.assertIn('<ds:SignatureValue>', xml_logout_req_signed)
         res_6 = parseString(xml_logout_req_signed)
         ds_signature_6 = res_6.firstChild.firstChild.nextSibling.nextSibling
-        self.assertIn('ds:Signature', ds_signature_6.tagName)
+        self.assertEqual('ds:Signature', ds_signature_6.tagName)
 
         xml_logout_res = b64decode(self.file_contents(join(self.data_path, 'logout_responses', 'logout_response.xml.base64')))
         xml_logout_res_signed = OneLogin_Saml2_Utils.add_sign(xml_logout_res, key, cert)
         self.assertIn('<ds:SignatureValue>', xml_logout_res_signed)
         res_7 = parseString(xml_logout_res_signed)
         ds_signature_7 = res_7.firstChild.firstChild.nextSibling.nextSibling
-        self.assertIn('ds:Signature', ds_signature_7.tagName)
+        self.assertEqual('ds:Signature', ds_signature_7.tagName)
 
         xml_metadata = self.file_contents(join(self.data_path, 'metadata', 'metadata_settings1.xml'))
         xml_metadata_signed = OneLogin_Saml2_Utils.add_sign(xml_metadata, key, cert)
         self.assertIn('<ds:SignatureValue>', xml_metadata_signed)
         res_8 = parseString(xml_metadata_signed)
-        ds_signature_8 = res_8.firstChild.firstChild.nextSibling.firstChild.nextSibling
-        self.assertIn('ds:Signature', ds_signature_8.tagName)
+        ds_signature_8 = res_8.firstChild.firstChild.nextSibling
+        self.assertEqual('ds:Signature', ds_signature_8.tagName)
 
         with self.assertRaisesRegexp(Exception, 'Error parsing xml string'):
             OneLogin_Saml2_Utils.add_sign(1, key, cert)