Commit 4ca5e81

mo <mo@mokhan.ca>
2017-12-16 17:03:20
suppose signed and encrypted assertions.
1 parent 9f44e30
Changed files (4)
lib/saml/kit/builders/templates/assertion.builder
@@ -1,7 +1,7 @@
 encryption_for(xml: xml) do |xml|
   xml.Assertion(assertion_options) do
     xml.Issuer issuer
-    signature_for(reference_id: reference_id, xml: xml) unless encrypt
+    signature_for(reference_id: reference_id, xml: xml)
     xml.Subject do
       xml.NameID name_id, Format: name_id_format
       xml.SubjectConfirmation Method: Saml::Kit::Namespaces::BEARER do
lib/saml/kit/assertion.rb
@@ -63,12 +63,12 @@ module Saml
         []
       end
 
-      private
-
       def encrypted?
         @xml_hash.fetch('Response', {}).fetch('EncryptedAssertion', nil).present?
       end
 
+      private
+
       def assertion
         if encrypted?
           decrypted = XmlDecryption.new(configuration: @configuration).decrypt(@xml_hash['Response']['EncryptedAssertion'])
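Review bot: `encrypted?` becomes public API here without a comment, and it only reports whether the parsed hash contains a `Response/EncryptedAssertion` element, not whether decryption succeeded. A caller enforcing an "assertions must be encrypted" policy could read it the other way, so I would add `# True when the response carried an EncryptedAssertion element; says nothing about whether it could be decrypted.` above the method. The `assertion` method that follows continues past the end of the hunk, so how a decryption failure surfaces is not visible here.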
lib/saml/kit/templatable.rb
@@ -24,7 +24,8 @@ module Saml
         if encrypt?
           temp = ::Builder::XmlMarkup.new
           yield temp
-          xml_encryption = Saml::Kit::Builders::XmlEncryption.new(temp.target!, encryption_certificate.public_key)
+          signed_xml = signatures.complete(temp.target!)
+          xml_encryption = Saml::Kit::Builders::XmlEncryption.new(signed_xml, encryption_certificate.public_key)
           render(xml_encryption, xml: xml)
         else
           yield xml
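Review bot: `signatures.complete(temp.target!)` now runs on every encrypted render, including when signing is turned off. The new "generates an encrypted assertion" spec suggests it is a no-op in that case, but that is not visible in this hunk. The assertion is also signed as a standalone document before being encrypted, so the signature will only verify after decryption if canonicalization ignores namespace context inherited from the enclosing Response (exclusive c14n); that is worth confirming. I would record the intent above the new line with `# Sign first, then encrypt: the signature covers the plaintext assertion and must be checked after decryption.` The enclosing method starts and ends outside the hunk.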
spec/saml/builders/response_spec.rb
@@ -124,5 +124,25 @@ RSpec.describe Saml::Kit::Builders::Response do
       expect(result['Response']['Signature']).to be_present
       expect(result['Response']['Assertion']['Signature']).to be_present
     end
+
+    it 'generates a signed response and signed and encrypted assertion' do
+      subject.encrypt = true
+      subject.sign = true
+
+      result = Saml::Kit::Response.new(subject.to_xml, configuration: configuration)
+      expect(result).to be_signed
+      expect(result.assertion).to be_signed
+      expect(result.assertion).to be_encrypted
+    end
+
+    it 'generates an encrypted assertion' do
+      subject.encrypt = true
+      subject.sign = false
+
+      result = Saml::Kit::Response.new(subject.to_xml, configuration: configuration)
+      expect(result).to_not be_signed
+      expect(result.assertion).to_not be_signed
+      expect(result.assertion).to be_encrypted
+    end
   end
 end
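Review bot: The two new examples assert `be_signed` and `be_encrypted`, which presumably check only that the elements are present; neither shows that the assertion signature still verifies once the assertion is decrypted. That round trip is what sign-then-encrypt is meant to guarantee, so the first example should also expect the parsed response to pass the library's validation, for instance `expect(result).to be_valid` if `valid?` covers the assertion signature. The second example could additionally assert that the generated XML contains no plaintext `Assertion` element, so a regression that emits both forms is caught.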