Commit 6cf9160
Changed files (2)
lib
saml
kit
lib/saml/kit/assertion.rb
@@ -27,14 +27,12 @@ module Saml
xml_hash ? Signature.new(xml_hash) : nil
end
- def expired?
- Time.current > expired_at
+ def expired?(now = Time.current)
+ now > expired_at
end
- def active?
- clock_drift = configuration.clock_drift
- start = clock_drift.before(started_at)
- Time.current > start && !expired?
+ def active?(now = Time.current)
+ now > configuration.clock_drift.before(started_at) && !expired?
end
def attributes
lib/saml/kit/xml.rb
@@ -60,24 +60,20 @@ module Saml
end
def validate_certificates(now = Time.current)
- return unless document.at_xpath('//ds:Signature', Xmldsig::NAMESPACES).present?
+ return unless find_by('//ds:Signature').present?
x509_certificates.each do |certificate|
- if now < certificate.not_before
- errors.add(:certificate, "Not valid before #{certificate.not_before}")
- end
+ inactive = now < certificate.not_before
+ errors.add(:certificate, "Not valid before #{certificate.not_before}") if inactive
- if now > certificate.not_after
- errors.add(:certificate, "Not valid after #{certificate.not_after}")
- end
+ expired = now > certificate.not_after
+ errors.add(:certificate, "Not valid after #{certificate.not_after}") if expired
end
end
def x509_certificates
xpath = "//ds:KeyInfo/ds:X509Data/ds:X509Certificate"
- document.search(xpath, Xmldsig::NAMESPACES).map do |item|
- Certificate.to_x509(item.text)
- end
+ find_all(xpath).map { |item| Certificate.to_x509(item.text) }
end
end
end