# frozen_string_literal: true

# Checks that the identity-provider metadata builder writes every value set on
# it (and the certificates of the supplied configuration) into the generated
# EntityDescriptor document.
RSpec.describe Saml::Kit::Builders::IdentityProviderMetadata do
  subject { described_class.new(configuration: configuration) }

  # A configuration that owns one signing and one encryption key pair.
  let(:configuration) do
    Saml::Kit::Configuration.new do |config|
      %i[signing encryption].each do |purpose|
        config.generate_key_pair_for(use: purpose)
      end
    end
  end
  let(:email) { FFaker::Internet.email }
  let(:org_name) { FFaker::Movie.title }
  let(:url) { FFaker::Internet.uri('https') }
  let(:entity_id) { FFaker::Movie.title }

  it 'builds a proper metadata' do
    formats = [
      Saml::Kit::Namespaces::PERSISTENT,
      Saml::Kit::Namespaces::TRANSIENT,
      Saml::Kit::Namespaces::EMAIL_ADDRESS
    ]
    login_url = 'https://www.example.com/login'
    logout_url = 'https://www.example.com/logout'

    subject.contact_email = email
    subject.entity_id = entity_id
    subject.organization_name = org_name
    subject.organization_url = url
    # The builder receives its own copy; `formats` stays the expected value.
    subject.name_id_formats = formats.dup
    subject.add_single_sign_on_service(login_url, binding: :http_redirect)
    subject.add_single_logout_service(logout_url, binding: :http_post)
    subject.attributes << 'id'

    # Hash.from_xml turns a lone child element into a Hash and repeated
    # children into an Array, which is why the single SSO/SLO services are
    # indexed by key below while KeyDescriptor is mapped over.
    metadata = Hash.from_xml(subject.build.to_xml)
    entity = metadata['EntityDescriptor']

    expect(entity['ID']).to be_present
    expect(entity['entityID']).to eql(entity_id)

    idp = entity['IDPSSODescriptor']
    expect(idp['protocolSupportEnumeration']).to eql(Saml::Kit::Namespaces::PROTOCOL)
    # The published metadata has to advertise that this IdP wants AuthnRequests
    # to be signed.
    expect(idp['WantAuthnRequestsSigned']).to eql('true')
    expect(idp['NameIDFormat']).to match_array(formats)

    sign_on = idp['SingleSignOnService']
    expect(sign_on['Binding']).to eql(Saml::Kit::Bindings::HTTP_REDIRECT)
    expect(sign_on['Location']).to eql(login_url)

    logout = idp['SingleLogoutService']
    expect(logout['Binding']).to eql(Saml::Kit::Bindings::HTTP_POST)
    expect(logout['Location']).to eql(logout_url)

    expect(idp['Attribute']['Name']).to eql('id')

    # Every certificate in the configuration must be published, and nothing
    # else: relying parties take their trust anchors from these elements.
    # NOTE(review): only the certificate bodies are compared. The `use`
    # attribute of each KeyDescriptor is not asserted, so a signing and an
    # encryption certificate published under each other's label would still
    # pass this example -- consider asserting it.
    published_certificates = idp['KeyDescriptor'].map do |key_descriptor|
      key_descriptor['KeyInfo']['X509Data']['X509Certificate']
    end
    configured_certificates = configuration.certificates.map(&:stripped)
    expect(published_certificates).to match_array(configured_certificates)

    organization = entity['Organization']
    expect(organization['OrganizationName']).to eql(org_name)
    expect(organization['OrganizationDisplayName']).to eql(org_name)
    expect(organization['OrganizationURL']).to eql(url)

    contact = entity['ContactPerson']
    expect(contact['contactType']).to eql('technical')
    # NOTE(review): the mailto: URI is expected under Company; the SAML
    # metadata schema also defines an EmailAddress child for ContactPerson --
    # confirm this placement is intended.
    expect(contact['Company']).to eql("mailto:#{email}")
  end
end