Commit 981a3b4

mo <mo.khan@gmail.com>
2018-02-15 23:05:04
attempt to decrypt immediately.
1 parent e841e24
Changed files (2)
lib/saml/kit/assertion.rb
@@ -16,6 +16,7 @@ module Saml
         @configuration = configuration
         @occurred_at = Time.current
         @private_keys = configuration.private_keys(use: :encryption) + private_keys
+        decrypt!
       end
 
       def issuer
@@ -92,14 +93,6 @@ module Saml
       def assertion
         @assertion ||=
           if encrypted?
-            decryptor = ::Xml::Kit::Decryption.new(private_keys: private_keys)
-            encrypted_assertion = @node.document.at_xpath(
-              '/samlp:Response/saml:EncryptedAssertion/xmlenc:EncryptedData',
-              'xmlenc' => ::Xml::Kit::Namespaces::XMLENC,
-              "saml": ::Saml::Kit::Namespaces::ASSERTION,
-              "samlp": ::Saml::Kit::Namespaces::PROTOCOL
-            )
-            @node = decryptor.decrypt_node(encrypted_assertion)
             (hash_from(@node)['Response'] || {})['Assertion']
           else
             result = @xml_hash.fetch('Assertion', {})
@@ -110,6 +103,19 @@ module Saml
           end
       end
 
+      def decrypt!
+        return unless encrypted?
+        decryptor = ::Xml::Kit::Decryption.new(private_keys: private_keys)
+        encrypted_assertion = @node.document.at_xpath(
+          '/samlp:Response/saml:EncryptedAssertion/xmlenc:EncryptedData',
+          'xmlenc' => ::Xml::Kit::Namespaces::XMLENC,
+          "saml": ::Saml::Kit::Namespaces::ASSERTION,
+          "samlp": ::Saml::Kit::Namespaces::PROTOCOL
+        )
+        @node = decryptor.decrypt_node(encrypted_assertion)
+        #(hash_from(@node)['Response'] || {})['Assertion']
+      end
+
       def parse_date(value)
         DateTime.parse(value)
       rescue => error
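Review bot: `decrypt!` now runs inside `initialize`, so the private key is exercised against the caller-supplied `EncryptedData` on every construction, before any signature check the class performs, and a wrong key or malformed ciphertext raises from the constructor instead of from `assertion`. Whether `Xml::Kit::Decryption` reports padding or key-transport failures distinctly is not visible here, but surfacing decrypt errors eagerly for every object widens what a remote party can observe, so callers that previously built an Assertion only to read `issuer` or verify its signature should be audited. The XPath in `decrypt!` is fixed to `/samlp:Response/saml:EncryptedAssertion/xmlenc:EncryptedData`, so an `encrypted?` document whose `EncryptedAssertion` sits elsewhere yields `nil` and `decrypt_node(nil)` presumably fails with an unrelated error; add `return unless encrypted_assertion` (or raise a named error) right after the lookup. The `encrypted?` branch of `assertion` now reads `hash_from(@node)` on the already-decrypted node, which is only correct if `encrypted?` is derived from the original document rather than from `@node`; `encrypted?` is outside the hunk, so confirm. The commented-out `#(hash_from(@node)['Response'] || {})['Assertion']` at the end of `decrypt!` is dead code left over from the move and should be removed.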
spec/saml/assertion_spec.rb
@@ -127,4 +127,20 @@ XML
       expect(assertion).to be_signed
     end
   end
+
+  describe "#to_xml" do
+    let(:request) { instance_double(Saml::Kit::AuthenticationRequest, id: ::Xml::Kit::Id.generate, issuer: FFaker::Internet.http_url, assertion_consumer_service_url: FFaker::Internet.http_url, name_id_format: Saml::Kit::Namespaces::PERSISTENT, provider: nil, signed?: true, trusted?: true) }
+    let(:user) { double(:user, name_id_for: SecureRandom.uuid, assertion_attributes_for: { id: SecureRandom.uuid }) }
+
+    it 'returns the decrypted xml' do
+      encryption_key_pair = Xml::Kit::KeyPair.generate(use: :encryption)
+      response = Saml::Kit::Response.build(user, request) do |x|
+        x.sign_with(Xml::Kit::KeyPair.generate(use: :signing))
+        x.encrypt_with(encryption_key_pair)
+      end
+      assertion = response.assertion([encryption_key_pair.private_key])
+      expect(assertion.to_xml).to_not include("EncryptedAssertion")
+      expect(assertion.to_xml).to include("Assertion")
+    end
+  end
 end
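Review bot: The new `#to_xml` example covers only the happy path; since decryption now happens in the constructor, the case where `response.assertion` is given the wrong private key (or none) is the behaviour most worth pinning, e.g. `expect { response.assertion([Xml::Kit::KeyPair.generate(use: :encryption).private_key]) }.to raise_error(...)` with whatever error `Xml::Kit::Decryption` raises. The positive assertion `include("Assertion")` is weak on its own because that substring also occurs in other element and attribute names; matching the element start, `include('<saml:Assertion')` (or whatever prefix the builder emits), or a Nokogiri lookup, states what is meant. The `let(:request)` line at the top of the block is long enough that splitting its keyword arguments across lines would help readability.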