Align behaviour of expect_references with docs

MatthiasValvekens · MatthiasValvekens · commit d45d9629627d · 2025-08-19T19:38:02.000+09:00
Passing expect_references=True to verify(...) now results in a list of verify_results, irrespective of the number of references in the signature. Fixes #278.
diff --git a/signxml/verifier.py b/signxml/verifier.py
@@ -535,7 +535,11 @@ def verify(
             msg = "Expected to find {} references, but found {}"
             raise InvalidSignature(msg.format(self.config.expect_references, len(verify_results)))
 
-        return verify_results if self.config.expect_references > 1 else verify_results[0]
+        return (
+            verify_results[0]
+            if type(self.config.expect_references) is int and self.config.expect_references == 1
+            else verify_results
+        )
 
     def _verify_reference(
         self,
diff --git a/test/test.py b/test/test.py
@@ -112,6 +112,20 @@ def test_example_multi(self):
             expect_references=2,
         )
 
+    def test_example_multi_unspecified_reference_count(self):
+        cert, _ = self.load_example_keys()
+        with open(os.path.join(os.path.dirname(__file__), "example.pem")) as fh:
+            cert = fh.read()
+        example_file = os.path.join(os.path.dirname(__file__), "example-125.xml")
+        res = XMLVerifier().verify(
+            data=etree.parse(example_file),
+            x509_cert=cert,
+            expect_references=True,
+        )
+
+        self.assertIsInstance(res, list)
+        self.assertEqual(2, len(res))
+
 
 class TestSignXML(unittest.TestCase, LoadExampleKeys):
     def setUp(self):
@@ -490,6 +504,16 @@ def test_elementtree_compat(self):
             </samlp:Response>""",
     ]
 
+    def test_verify_results_with_nonspecific_reference_count(self):
+        crt, key = self.load_example_keys()
+        data = etree.fromstring(self.saml_test_vectors[0])
+        reference_uri = "assertionId"
+        signed_root = XMLSigner().sign(data, reference_uri=reference_uri, key=key, cert=crt)
+        res = XMLVerifier().verify(etree.tostring(signed_root), x509_cert=crt, expect_references=True)
+
+        self.assertIsInstance(res, list)
+        self.assertEqual(1, len(res))
+
     def test_reference_uris_and_custom_key_info(self):
         crt, key = self.load_example_keys()
 
@@ -499,7 +523,7 @@ def test_reference_uris_and_custom_key_info(self):
             reference_uri = ["assertionId", "assertion2"] if "assertion2" in d else "assertionId"
             signed_root = XMLSigner().sign(data, reference_uri=reference_uri, key=key, cert=crt)
             res = XMLVerifier().verify(etree.tostring(signed_root), x509_cert=crt, expect_references=True)
-            signed_data_root = res.signed_xml
+            signed_data_root = res[0].signed_xml
             ref = signed_root.xpath(
                 "/samlp:Response/saml:Assertion/ds:Signature/ds:SignedInfo/ds:Reference",
                 namespaces={
