1616from xml .dom .minidom import Document
1717
1818from onelogin .saml2 .constants import OneLogin_Saml2_Constants
19- from onelogin .saml2 .utils import OneLogin_Saml2_Utils
19+ from onelogin .saml2 .utils import OneLogin_Saml2_Utils , return_false_on_exception
2020
2121
2222class OneLogin_Saml2_Response (object ):
@@ -90,13 +90,21 @@ def is_valid(self, request_data, request_id=None):
9090
9191 if self .__settings .is_strict ():
9292 no_valid_xml_msg = 'Invalid SAML Response. Not match the saml-schema-protocol-2.0.xsd'
93- res = OneLogin_Saml2_Utils .validate_xml (etree .tostring (self .document ), 'saml-schema-protocol-2.0.xsd' , self .__settings .is_debug_active ())
93+ res = OneLogin_Saml2_Utils .validate_xml (
94+ etree .tostring (self .document ),
95+ 'saml-schema-protocol-2.0.xsd' ,
96+ self .__settings .is_debug_active ()
97+ )
9498 if not isinstance (res , Document ):
9599 raise Exception (no_valid_xml_msg )
96100
97101 # If encrypted, check also the decrypted document
98102 if self .encrypted :
99- res = OneLogin_Saml2_Utils .validate_xml (etree .tostring (self .decrypted_document ), 'saml-schema-protocol-2.0.xsd' , self .__settings .is_debug_active ())
103+ res = OneLogin_Saml2_Utils .validate_xml (
104+ etree .tostring (self .decrypted_document ),
105+ 'saml-schema-protocol-2.0.xsd' ,
106+ self .__settings .is_debug_active ()
107+ )
100108 if not isinstance (res , Document ):
101109 raise Exception (no_valid_xml_msg )
102110
@@ -123,8 +131,7 @@ def is_valid(self, request_data, request_id=None):
123131 raise Exception ('There is no AttributeStatement on the Response' )
124132
125133 # Validates Assertion timestamps
126- if not self .validate_timestamps ():
127- raise Exception ('Timing issues (please check your clock settings)' )
134+ self .validate_timestamps (raise_exceptions = True )
128135
129136 encrypted_attributes_nodes = self .__query_assertion ('/saml:AttributeStatement/saml:EncryptedAttribute' )
130137 if encrypted_attributes_nodes :
@@ -212,8 +219,7 @@ def is_valid(self, request_data, request_id=None):
212219 document_to_validate = self .decrypted_document
213220 else :
214221 document_to_validate = self .document
215- if not OneLogin_Saml2_Utils .validate_sign (document_to_validate , cert , fingerprint , fingerprintalg ):
216- raise Exception ('Signature validation failed. SAML Response rejected' )
222+ OneLogin_Saml2_Utils .validate_sign (document_to_validate , cert , fingerprint , fingerprintalg , raise_exceptions = True )
217223 else :
218224 raise Exception ('No Signature found. SAML Response rejected' )
219225
@@ -435,10 +441,14 @@ def process_signed_elements(self):
435441 signed_elements .append (signed_element )
436442 return signed_elements
437443
444+ @return_false_on_exception
438445 def validate_timestamps (self ):
439446 """
440447 Verifies that the document is valid according to Conditions Element
441448
449+ :param raise_exceptions: Whether to return false on failure or raise an exception
450+ :type raise_exceptions: Boolean
451+
442452 :returns: True if the condition is valid, False otherwise
443453 :rtype: bool
444454 """
@@ -448,9 +458,9 @@ def validate_timestamps(self):
448458 nb_attr = conditions_node .get ('NotBefore' )
449459 nooa_attr = conditions_node .get ('NotOnOrAfter' )
450460 if nb_attr and OneLogin_Saml2_Utils .parse_SAML_to_time (nb_attr ) > OneLogin_Saml2_Utils .now () + OneLogin_Saml2_Constants .ALLOWED_CLOCK_DRIFT :
451- return False
461+ raise Exception ( 'Could not validate timestamp: not yet valid. Check system clock.' )
452462 if nooa_attr and OneLogin_Saml2_Utils .parse_SAML_to_time (nooa_attr ) + OneLogin_Saml2_Constants .ALLOWED_CLOCK_DRIFT <= OneLogin_Saml2_Utils .now ():
453- return False
463+ raise Exception ( 'Could not validate timestamp: expired. Check system clock.' )
454464 return True
455465
456466 def __query_assertion (self , xpath_expr ):
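Review bot: `validate_timestamps` now documents a `raise_exceptions` parameter that its signature does not declare, so the keyword that `is_valid` passes on the `self.validate_timestamps(raise_exceptions=True)` line must presumably be consumed by `@return_false_on_exception`, which is defined outside this diff; if the decorator does not strip it, the call fails with `TypeError` instead of validating. Unless the decorator forbids it, declaring the parameter explicitly, `def validate_timestamps(self, raise_exceptions=False):`, keeps the docstring honest and makes the fail-closed contract visible at the definition rather than only in the wrapper. The body raises bare `Exception`, so in the non-raising mode a malformed `NotBefore`/`NotOnOrAfter` that makes `parse_SAML_to_time` fail is also reported as a plain `False` — fail-closed, which is right, but callers can no longer distinguish a parse error from a genuine timing failure, and in the raising mode `is_valid` now propagates whatever message the helper produces where it previously raised the fixed 'Timing issues' text. The same shift applies to the `validate_sign(..., raise_exceptions=True)` call earlier in this section, which drops the fixed 'Signature validation failed. SAML Response rejected' wording; it is worth confirming that the propagated messages never embed attacker-controlled XML content, since `is_valid` errors are typically surfaced to the SP. `is_valid` and `__query_assertion` extend beyond the hunks shown.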