Commit 5cc3356
Changed files (2)
lib/saml/kit/response.rb
@@ -65,7 +65,7 @@ module Saml
end
def certificate
- super || to_h.fetch(name, {}).fetch('Assertion', {}).fetch('Signature', {}).fetch('KeyInfo', {}).fetch('X509Data', {}).fetch('X509Certificate', nil)
+ super || assertion.fetch('Signature', {}).fetch('KeyInfo', {}).fetch('X509Data', {}).fetch('X509Certificate', nil)
end
private
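Review bot: The new `certificate` line calls `.fetch` directly on whatever `assertion` returns, so it no longer tolerates a response without an assertion the way the removed `to_h.fetch(name, {}).fetch('Assertion', {})` chain did. `assertion` is defined outside this hunk; if it can return nil (for example when there is no assertion, or it could not be decrypted), this raises NoMethodError during validation instead of yielding nil. Either have `assertion` return `{}` in that case or guard here with `(assertion || {}).fetch('Signature', {})`. A short comment on `certificate` would also help: the value comes from the message's own KeyInfo, so it should only be trusted after it has been matched against the certificate registered for the issuer.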
@@ -86,7 +86,7 @@ module Saml
end
def audiences
- Array(to_h[name]['Assertion']['Conditions']['AudienceRestriction']['Audience'])
+ Array(assertion['Conditions']['AudienceRestriction']['Audience'])
rescue => error
Saml::Kit.logger.error(error)
[]
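Review bot: The bare `rescue => error` in `audiences` turns every failure into an empty list. Because the lookup now goes through `assertion` (defined outside this hunk), that presumably covers decryption or parsing errors as well as a missing `Conditions` element. Whatever validates the audience must treat `[]` as a failure rather than as "no restriction"; that check is not visible here, so please confirm it fails closed. If `assertion` is a plain Hash, `Array(assertion.dig('Conditions', 'AudienceRestriction', 'Audience'))` handles the missing-element case without a rescue and leaves real errors visible. The method body starts and ends outside the hunk.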
@@ -199,7 +199,7 @@ module Saml
Saml::Kit.logger.debug ['+key', key].inspect
xml.EncryptedAssertion xmlns: Namespaces::ASSERTION do
- xml.EncryptedData xmlns: Namespaces::XMLENC, TYPE: "http://www.w3.org/2001/04/xmlenc#Element" do
+ xml.EncryptedData xmlns: Namespaces::XMLENC do
xml.EncryptionMethod Algorithm: "http://www.w3.org/2001/04/xmlenc#aes256-cbc"
xml.KeyInfo xmlns: Namespaces::XMLDSIG do
xml.EncryptedKey xmlns: Namespaces::XMLENC do
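Review bot: `Saml::Kit.logger.debug ['+key', key].inspect` at the top of this hunk writes `key` to the log just before the EncryptedData element is built. If `key` is the symmetric key that encrypts the assertion (its assignment is outside the hunk), anyone who can read debug logs can decrypt captured responses. I would drop that line or log only non-secret metadata such as the algorithm. Separately, the removed attribute was spelled `TYPE:` where XML Encryption defines `Type`; omitting it is allowed because the attribute is optional, but a one-line comment saying it is left out deliberately would help, since some consumers use it to tell element encryption from content encryption. The block continues past the end of the hunk.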
spec/saml/response_spec.rb
@@ -406,20 +406,31 @@ RSpec.describe Saml::Kit::Response do
describe described_class::Builder do
subject { described_class.new(user, request) }
let(:user) { double(:user, name_id_for: SecureRandom.uuid, assertion_attributes_for: []) }
- let(:request) { double(:request, id: SecureRandom.uuid, acs_url: FFaker::Internet.http_url, provider: provider, name_id_format: Saml::Kit::Namespaces::PERSISTENT, issuer: FFaker::Internet.http_url, signed?: true, trusted?: true) }
+ let(:request) { double(:request, id: "_#{SecureRandom.uuid}", acs_url: FFaker::Internet.http_url, provider: provider, name_id_format: Saml::Kit::Namespaces::PERSISTENT, issuer: issuer, signed?: true, trusted?: true) }
let(:provider) { double(want_assertions_signed: false, encryption_certificates: [{ text: encryption_pem }]) }
let(:encryption_pem) do
Saml::Kit.configuration.stripped_encryption_certificate
end
+ let(:issuer) { FFaker::Internet.uri("https") }
before :each do
- allow(Saml::Kit.configuration).to receive(:issuer).and_return(FFaker::Internet.uri("https"))
+ allow(Saml::Kit.configuration).to receive(:issuer).and_return(issuer)
end
describe "#build" do
it 'builds a response with the request_id' do
expect(subject.build.request_id).to eql(request.id)
end
+
+ it 'builds a valid encrypted assertion' do
+ allow(Saml::Kit.configuration.registry).to receive(:metadata_for).with(issuer).and_return(provider)
+ allow(provider).to receive(:matches?).and_return(true)
+
+ subject.sign = true
+ subject.encrypt = true
+ result = subject.build
+ expect(result).to be_valid
+ end
end
describe "#to_xml" do
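Review bot: The new example 'builds a valid encrypted assertion' asserts only `be_valid`, while `provider.matches?` is stubbed to return true and the request double reports `trusted?: true`. It would therefore still pass if `encrypt = true` were silently ignored or if the certificate match were broken. Add an assertion that the built response actually carries an EncryptedAssertion and no plaintext Assertion. Also add a negative example where `matches?` returns false and the result is expected not to be valid, so the trust decision itself stays under test.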
@@ -502,7 +513,7 @@ XML
<samlp:StatusCode Value="#{Saml::Kit::Namespaces::SUCCESS}"/>
</samlp:Status>
<saml:EncryptedAssertion>
- <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey>