Commit 667d69a
Changed files (3)
lib/saml/kit/signature.rb
@@ -1,6 +1,8 @@
module Saml
module Kit
class Signature
+ include ActiveModel::Validations
+
def initialize(xml_hash)
@xml_hash = xml_hash
end
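Review bot: Including `ActiveModel::Validations` gives `Signature` a `valid?` that returns true whenever no validation has been declared, and the visible lines declare none, so as shown the class would accept any input. The class body continues outside this hunk, so a `validate` callback may exist there; if it does not, add one that performs the signature check and calls `errors.add` on failure, and treat a hash with no signature entry as invalid rather than skipping the check. Because the constructor receives an already-parsed hash rather than the XML document, a comment should say where the digest and signature value are checked against the original bytes, e.g. `# xml_hash holds only the parsed Signature fields; verification happens in <method>`.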
spec/saml/response_spec.rb
@@ -423,11 +423,11 @@ RSpec.describe Saml::Kit::Response do
let(:created_at) { DateTime.now }
let(:assertion) do
<<-XML
-<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="#{id}" IssueInstant="2017-11-23T04:33:58Z" Version="2.0">
+<Assertion xmlns="#{SAML::Kit::Namespaces::ASSERTION}" ID="#{id}" IssueInstant="2017-11-23T04:33:58Z" Version="2.0">
<Issuer>#{FFaker::Internet.uri("https")}</Issuer>
<Subject>
<NameID Format="#{Saml::Kit::Namespaces::PERSISTENT}">#{SecureRandom.uuid}</NameID>
- <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+ <SubjectConfirmation Method="#{SAML::Kit::BEARER}">
<SubjectConfirmationData InResponseTo="#{SecureRandom.uuid}" NotOnOrAfter="2017-11-23T07:33:58Z" Recipient="https://westyundt.ca/acs"/>
</SubjectConfirmation>
</Subject>
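Review bot: The two new interpolations reference `SAML::Kit::...`, but the module defined in lib/saml/kit/signature.rb is `Saml`, and the unchanged NameID line in this same heredoc uses `Saml::Kit::Namespaces::PERSISTENT`. Unless a separate `SAML` constant exists, evaluating this `let` raises NameError, and because `let` is lazy only the examples that reference `assertion` will fail. The second reference also skips the `Namespaces` module; the lines should presumably read `xmlns="#{Saml::Kit::Namespaces::ASSERTION}"` and `Method="#{Saml::Kit::Namespaces::BEARER}"`, assuming both constants are defined there. The heredoc and its `let` block continue outside the hunk.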
spec/saml/signature_spec.rb
@@ -0,0 +1,22 @@
+RSpec.describe Saml::Kit::Signature do
+ describe "#valid?" do
+ let(:key_pair) { ::Xml::Kit::KeyPair.generate(use: :signing) }
+
+ it 'returns true when the signature is valid' do
+ signed_document = Saml::Kit::AuthenticationRequest.build do |x|
+ x.sign_with(key_pair)
+ end
+ subject = described_class.new(Hash.from_xml(signed_document.to_xml))
+ expect(subject).to be_valid
+ end
+
+ it 'is invalid when the xml has been tampered' do
+ signed_document = Saml::Kit::AuthenticationRequest.build do |x|
+ x.sign_with(key_pair)
+ end
+ tampered_xml = signed_document.to_xml.gsub("Issuer", "Hacked")
+ subject = described_class.new(Hash.from_xml(tampered_xml))
+ expect(subject).to_not be_valid
+ end
+ end
+end
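Review bot: The only negative example renames `Issuer`, so the spec never pins the case that matters most for a validator that can fail open: a document carrying no signature at all. Add an example along the lines of `expect(described_class.new(Hash.from_xml(unsigned_xml))).to_not be_valid`, where `unsigned_xml` is a placeholder for a request built without `sign_with`. As a style point, the local `subject = ...` in both examples shadows RSpec's `subject` helper; `subject { described_class.new(Hash.from_xml(xml)) }` with a per-example `let(:xml)` reads more conventionally.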