Comparing changes

v1.0.8 v1.0.9
5 commits 4 files changed

Commits

7d1f676 record the time of the test run. mo 2018-02-18 18:16:02
fb19575 decrease ABC size. mo 2018-02-18 18:13:13
74b6389 " -> ' mo 2018-02-18 18:06:42
9c53291 bump version. mo 2018-02-18 18:02:49
Changed files (4)
bin/cibuild
@@ -17,7 +17,6 @@ export RUBY_HEAP_FREE_MIN=100000
 export RUBY_HEAP_SLOTS_INCREMENT=400000
 export RUBY_HEAP_SLOTS_GROWTH_FACTOR=1
 
-gem install bundler --no-ri --no-rdoc --conservative
-# run tests
 ruby -v
-bin/test
+gem install bundler --no-ri --no-rdoc --conservative
+time bin/test
lib/saml/kit/signature.rb
@@ -31,6 +31,13 @@ module Saml
         at_xpath('./ds:SignedInfo/ds:Reference/ds:DigestValue').try(:text)
       end
 
+      def expected_digest_value
+        digests = dsignature.references.map do |x|
+          Base64.encode64(x.calculate_digest_value).chomp
+        end
+        digests.count > 1 ? digests : digests[0]
+      end
+
       def digest_method
         at_xpath('./ds:SignedInfo/ds:Reference/ds:DigestMethod/@Algorithm').try(:value)
       end
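Review bot: `Base64.encode64` in the new `expected_digest_value` inserts a line feed after every 60 encoded characters and `chomp` strips only the trailing one, so a SHA-384 or SHA-512 digest would come back with an embedded newline and never equal the value `digest_value` reads from the document. Use `Base64.strict_encode64(x.calculate_digest_value)` instead. The return type also switches between a String and an Array (`digests.count > 1 ? digests : digests[0]`, and nil when there are no references), while `digest_value` above reads only the first `ds:Reference`. A caller comparing the two gets a type mismatch on any multi-reference signature, so either always return an array or state the contract in a comment above the method.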
@@ -69,11 +76,10 @@ module Saml
       attr_reader :node
 
       def validate_signature
-        return errors[:base].push(error_message(:empty)) if certificate.nil?
+        return errors.add(:base, error_message(:empty)) if certificate.nil?
+        return if dsignature.valid?(certificate.x509)
 
-        signature = Xmldsig::Signature.new(@node, 'ID=$uri or @Id')
-        return if signature.valid?(certificate.x509)
-        signature.errors.each do |attribute|
+        dsignature.errors.each do |attribute|
           errors.add(attribute, error_message(attribute))
         end
       end
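Review bot: `validate_signature` has no comment saying what a passing result proves, which matters more now that the whole check is the single line `return if dsignature.valid?(certificate.x509)`. `certificate` is defined outside this hunk; if it is parsed from the `KeyInfo` inside the same signature node, a pass shows only that the document is consistent with the key it carries, not that the signer is trusted. I would add above the method `# Verifies the reference digests and signature value against certificate.x509. Does not establish that the certificate is trusted; callers must check that separately.` and confirm the second sentence against where `certificate` comes from. The class body starts outside the hunk.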
@@ -94,6 +100,10 @@ module Saml
         return nil unless node
         node.at_xpath(xpath, Saml::Kit::Document::NAMESPACES)
       end
+
+      def dsignature
+        @dsignature ||= Xmldsig::Signature.new(node, 'ID=$uri or @Id')
+      end
     end
   end
 end
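Review bot: `dsignature` hands `node` to `Xmldsig::Signature.new` without the `return nil unless node` guard that `at_xpath` applies just above it. `validate_signature` is probably protected by its `certificate.nil?` early return, but the new `expected_digest_value` in the first hunk of this file calls `dsignature.references` directly and would presumably raise `NoMethodError` on a document with no signature instead of returning nil the way `digest_value` does. Adding `return if node.nil?` as the first line of `expected_digest_value` keeps the two readers consistent. `at_xpath` starts outside this hunk.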
lib/saml/kit/version.rb
@@ -1,5 +1,5 @@
 module Saml
   module Kit
-    VERSION = '1.0.8'.freeze
+    VERSION = '1.0.9'.freeze
   end
 end
spec/saml/kit/signature_spec.rb
@@ -95,4 +95,15 @@ RSpec.describe Saml::Kit::Signature do
       end
     end
   end
+
+  describe '#expected_digest_value' do
+    it 'returns the expected digest value' do
+      expected_digest = subject.digest_value
+
+      signed_document.at_xpath('//ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestValue').content = 'INVALID'
+      subject = described_class.new(signed_document.at_xpath('//ds:Signature'))
+
+      expect(subject.expected_digest_value).to eql(expected_digest)
+    end
+  end
 end
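Review bot: The local `subject = described_class.new(...)` in the new example shadows RSpec's `subject` helper, which the first line of the same example still calls, so it is hard to see which object each line refers to. Rename the local, e.g. `tampered = described_class.new(signed_document.at_xpath('//ds:Signature'))` followed by `expect(tampered.expected_digest_value).to eql(expected_digest)`. The example covers only a single-reference signature, so the Array branch of `expected_digest_value` is untested. The `RSpec.describe` block starts outside the hunk.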