Commit 0a482a9
Changed files (2)
lib/saml/kit/signature.rb
@@ -31,6 +31,13 @@ module Saml
at_xpath('./ds:SignedInfo/ds:Reference/ds:DigestValue').try(:text)
end
+ def expected_digest_value
+ digests = dsignature.references.map do |x|
+ Base64.encode64(x.calculate_digest_value).chomp
+ end
+ digests.count > 1 ? digests : digests[0]
+ end
+
def digest_method
at_xpath('./ds:SignedInfo/ds:Reference/ds:DigestMethod/@Algorithm').try(:value)
end
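Review bot: `Base64.encode64` in `expected_digest_value` inserts a newline after every 60 encoded characters and `chomp` strips only the last one, so any digest longer than 45 bytes (SHA-512 is 64 bytes, 88 Base64 characters) comes back with an embedded newline and will not compare equal to the `DigestValue` text. `Base64.strict_encode64(x.calculate_digest_value)` avoids this and makes the `chomp` unnecessary. The method also returns a String for one reference, an Array for several and nil for none, while `digest_value` just above reads only the first `ds:Reference`, so a caller comparing the two has to handle three shapes. Always returning the array, or documenting the shapes in a comment above the method, would make that comparison harder to get wrong. The enclosing class starts outside this hunk.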
@@ -71,9 +78,8 @@ module Saml
def validate_signature
return errors[:base].push(error_message(:empty)) if certificate.nil?
- signature = Xmldsig::Signature.new(@node, 'ID=$uri or @Id')
- return if signature.valid?(certificate.x509)
- signature.errors.each do |attribute|
+ return if dsignature.valid?(certificate.x509)
+ dsignature.errors.each do |attribute|
errors.add(attribute, error_message(attribute))
end
end
@@ -94,6 +100,10 @@ module Saml
return nil unless node
node.at_xpath(xpath, Saml::Kit::Document::NAMESPACES)
end
+
+ def dsignature
+ @dsignature ||= Xmldsig::Signature.new(node, 'ID=$uri or @Id')
+ end
end
end
end
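Review bot: `dsignature` passes `node` straight to `Xmldsig::Signature.new`, whereas the `at_xpath` helper directly above returns nil when `node` is missing, so `expected_digest_value` would presumably raise on a document without a signature where `digest_value` returns nil. If a nil node is possible here (the guard above suggests it is), a `return nil unless node` at the top of `expected_digest_value` keeps the accessors consistent. A short comment on `dsignature` would also help, for example `# Memoized Xmldsig wrapper shared by validation and digest recomputation`, along with a note that `'ID=$uri or @Id'` appears to select which id attributes a Reference URI is resolved against. The `at_xpath` helper starts outside this hunk.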
spec/saml/kit/signature_spec.rb
@@ -95,4 +95,15 @@ RSpec.describe Saml::Kit::Signature do
end
end
end
+
+ describe "#expected_digest_value" do
+ it 'returns the expected digest value' do
+ expected_digest = subject.digest_value
+
+ signed_document.at_xpath('//ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestValue').content = 'INVALID'
+ subject = described_class.new(signed_document.at_xpath('//ds:Signature'))
+
+ expect(subject.expected_digest_value).to eql(expected_digest)
+ end
+ end
end
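Review bot: The example assigns a local named `subject` after it has already called RSpec's `subject`, which works only because Ruby resolves the earlier use as a method call before the local exists. Naming the second object `tampered = described_class.new(...)` and asserting on `tampered.expected_digest_value` reads more clearly. Only the single-reference path is exercised, so the Array branch of `expected_digest_value` (`digests.count > 1`) has no coverage. Since the example is about a tampered `DigestValue`, it could also assert that `digest_value` on the new object is `'INVALID'`, which pins the mismatch the method is meant to expose. The outer `describe` block starts outside the hunk.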