Commit d70e284
Changed files (2)
lib/saml/kit/trustable.rb
@@ -16,11 +16,9 @@ module Saml
# @!visibility private
def signature
- xml_hash = to_h.fetch(name, {}).fetch('Signature', nil)
- xml_hash ? Signature.new(at_xpath('//ds:Signature')) : nil
+ @signature ||= Signature.new(at_xpath("/samlp:#{name}/ds:Signature"))
end
-
# Returns true when documents is signed and the signing certificate belongs to a known service entity.
def trusted?
return true if signature_manually_verified
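Review bot: `signature` now returns a memoized `Signature` object even when `/samlp:#{name}/ds:Signature` matches nothing, where the old code returned nil, so any caller that tests `signature` for truthiness or with `nil?` will treat an unsigned document as if it carried a signature. Callers have to switch to `signature.present?`, and the method comment should say so, for example `# Always returns a Signature wrapper; call #present? to learn whether the root element is signed.` Anchoring the XPath at the root element instead of `//ds:Signature` also means a signature nested deeper in the document, such as one on an assertion, is no longer picked up here; that looks intentional and is worth stating in the same comment. The body of `trusted?` continues outside the hunk, so whether it already checks presence cannot be confirmed from here.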
@@ -44,16 +42,10 @@ module Saml
def must_have_valid_signature
return if to_xml.blank?
+ return unless signature.present?
- xml = ::Xml::Kit::Document.new(to_xml, namespaces: {
- "NameFormat": Namespaces::ATTR_SPLAT,
- "ds": ::Xml::Kit::Namespaces::XMLDSIG,
- "md": Namespaces::METADATA,
- "saml": Namespaces::ASSERTION,
- "samlp": Namespaces::PROTOCOL,
- })
- xml.valid?
- xml.errors.each do |attribute, error|
+ signature.valid?
+ signature.errors.each do |attribute, error|
errors[attribute] << error
end
end
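Review bot: The new guard `return unless signature.present?` in `must_have_valid_signature` records no error when the root element carries no `ds:Signature`, so this validation passes for an unsigned message and the requirement to be signed has to be enforced elsewhere (presumably in `trusted?`, whose body is outside the hunk). The removed code validated the whole document through `::Xml::Kit::Document`, so signatures below the root, for instance on an embedded assertion, are no longer checked by this method; please confirm they are validated on their own path. I would document the contract at the guard, adjusted to whatever actually enforces it: `# A missing root signature is not an error here; whether one is required is decided by the caller.` The return value of `signature.valid?` is discarded and only `signature.errors` is copied, which is fine only if every verification failure populates `errors`.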
spec/saml/response_spec.rb
@@ -367,7 +367,7 @@ RSpec.describe Saml::Kit::Response do
</samlp:Response>
XML
subject = described_class.new(xml)
- expect(subject.signature).to be_nil
+ expect(subject.signature).to_not be_present
expect(subject.assertion.signature).to be_present
expect(subject.assertion.signature.certificate.stripped).to eql(certificate.stripped)
end
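Review bot: The changed expectation `expect(subject.signature).to_not be_present` only pins that the root signature is absent; nothing visible in this example pins what validation or trust evaluation returns for a Response whose root is unsigned while its assertion is signed. Since `must_have_valid_signature` now returns early in that case, explicit expectations on `subject.valid?` and `subject.trusted?` here would keep an unsigned-root message from being accepted by accident after a later refactor. The same applies to the example changed in the next hunk (`@@ -411,7 +411,7 @@`). Both examples start outside their hunks, so such expectations may already exist above the visible lines.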
@@ -411,7 +411,7 @@ RSpec.describe Saml::Kit::Response do
</samlp:Response>
XML
subject = described_class.new(xml)
- expect(subject.signature).to be_nil
+ expect(subject.signature).to_not be_present
end
end