Commit 5f4e860
Changed files (5)
spec
spec/xml/kit/crypto/oaep_cipher_spec.rb
@@ -1,27 +1,19 @@
# frozen_string_literal: true
RSpec.describe ::Xml::Kit::Crypto::OaepCipher do
+ subject { described_class.new('', private_key) }
+
let(:key_pair) { ::Xml::Kit::KeyPair.generate(use: :encryption) }
let(:private_key) { key_pair.private_key }
+ let(:uuid) { SecureRandom.uuid }
describe '#encrypt' do
- subject { described_class.new('', private_key) }
-
- let(:uuid) { SecureRandom.uuid }
-
- it 'encrypts the plain text' do
- expect(subject.decrypt(subject.encrypt(uuid))).to eql(uuid)
- end
+ specify { expect(subject.decrypt(subject.encrypt(uuid))).to eql(uuid) }
end
describe '#decrypt' do
- subject { described_class.new('', private_key) }
-
- let(:uuid) { SecureRandom.uuid }
+ let(:cipher_text) { private_key.public_encrypt(uuid, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING) }
- it 'decrypts the cipher text' do
- cipher_text = private_key.public_encrypt(uuid, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
- expect(subject.decrypt(cipher_text)).to eql(uuid)
- end
+ specify { expect(subject.decrypt(cipher_text)).to eql(uuid) }
end
end
spec/xml/kit/crypto/rsa_cipher_spec.rb
@@ -1,27 +1,19 @@
# frozen_string_literal: true
RSpec.describe ::Xml::Kit::Crypto::RsaCipher do
+ subject { described_class.new('', private_key) }
+
let(:key_pair) { ::Xml::Kit::KeyPair.generate(use: :encryption) }
let(:private_key) { key_pair.private_key }
+ let(:uuid) { SecureRandom.uuid }
describe '#encrypt' do
- subject { described_class.new('', private_key) }
-
- let(:uuid) { SecureRandom.uuid }
-
- it 'encrypts the plain text' do
- expect(subject.decrypt(subject.encrypt(uuid))).to eql(uuid)
- end
+ specify { expect(subject.decrypt(subject.encrypt(uuid))).to eql(uuid) }
end
describe '#decrypt' do
- subject { described_class.new('', private_key) }
-
- let(:uuid) { SecureRandom.uuid }
+ let(:cipher_text) { private_key.public_encrypt(uuid) }
- it 'decrypts the cipher text' do
- cipher_text = private_key.public_encrypt(uuid)
- expect(subject.decrypt(cipher_text)).to eql(uuid)
- end
+ specify { expect(subject.decrypt(cipher_text)).to eql(uuid) }
end
end
spec/xml/kit/key_pair_spec.rb
@@ -11,10 +11,8 @@ RSpec.describe Xml::Kit::KeyPair do
let(:key) { OpenSSL::PKey::RSA.new(2048) }
let(:passphrase) { 'secret' }
- it 'ignores empty passphrases' do
- expect do
- described_class.new(certificate.to_pem, key.export, '', :signing)
- end.not_to raise_error
+ context 'when the passphrase is empty' do
+ specify { expect { described_class.new(certificate.to_pem, key.export, '', :signing) }.not_to raise_error }
end
it 'decrypts encrypted private keys' do
spec/xml/kit/kit_spec.rb
@@ -1,7 +1,5 @@
# frozen_string_literal: true
RSpec.describe Xml::Kit do
- it 'has a version number' do
- expect(Xml::Kit::VERSION).not_to be nil
- end
+ specify { expect(Xml::Kit::VERSION).not_to be_nil }
end
spec/xml/kit/signatures_spec.rb
@@ -5,58 +5,68 @@ RSpec.describe ::Xml::Kit::Signatures do
let(:options) { { 'xmlns:samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol', 'xmlns:saml' => 'urn:oasis:names:tc:SAML:2.0:assertion', ID: reference_id } }
let(:key_pair) { ::Xml::Kit::KeyPair.generate(use: :signing) }
- it 'generates a signature' do
- signed_xml = described_class.sign(key_pair: key_pair) do |xml, signature|
- xml.tag!('samlp:AuthnRequest', options) do
- signature.template(reference_id)
- xml.tag!('saml:Issuer', 'MyEntityID')
+ context 'when a key pair is specified' do
+ let(:signed_xml) do
+ described_class.sign(key_pair: key_pair) do |xml, signature|
+ xml.tag!('samlp:AuthnRequest', options) do
+ signature.template(reference_id)
+ xml.tag!('saml:Issuer', 'MyEntityID')
+ end
end
end
- result = Hash.from_xml(signed_xml)
-
- signature = result['AuthnRequest']['Signature']
- expect(signature['xmlns']).to eql('http://www.w3.org/2000/09/xmldsig#')
- expect(signature['SignedInfo']['CanonicalizationMethod']['Algorithm']).to eql('http://www.w3.org/2001/10/xml-exc-c14n#')
- expect(signature['SignedInfo']['SignatureMethod']['Algorithm']).to eql('http://www.w3.org/2001/04/xmldsig-more#rsa-sha256')
+ let(:result) { Hash.from_xml(signed_xml) }
+ let(:signature) { result['AuthnRequest']['Signature'] }
+ let(:expected_certificate) { key_pair.certificate.stripped }
- expect(signature['SignedInfo']['Reference']['URI']).to eql("##{reference_id}")
- expect(signature['SignedInfo']['Reference']['Transforms']['Transform']).to match_array([
- { 'Algorithm' => 'http://www.w3.org/2000/09/xmldsig#enveloped-signature' },
- { 'Algorithm' => 'http://www.w3.org/2001/10/xml-exc-c14n#' }
- ])
- expect(signature['SignedInfo']['Reference']['DigestMethod']['Algorithm']).to eql('http://www.w3.org/2001/04/xmlenc#sha256')
- expected_certificate = key_pair.certificate.stripped
- expect(signature['KeyInfo']['X509Data']['X509Certificate']).to eql(expected_certificate)
- expect(signature['SignedInfo']['Reference']['DigestValue']).to be_present
- expect(signature['SignatureValue']).to be_present
- expect(OpenSSL::X509::Certificate.new(Base64.decode64(signature['KeyInfo']['X509Data']['X509Certificate']))).to be_present
+ specify { expect(signature['xmlns']).to eql('http://www.w3.org/2000/09/xmldsig#') }
+ specify { expect(signature['SignedInfo']['CanonicalizationMethod']['Algorithm']).to eql('http://www.w3.org/2001/10/xml-exc-c14n#') }
+ specify { expect(signature['SignedInfo']['SignatureMethod']['Algorithm']).to eql('http://www.w3.org/2001/04/xmldsig-more#rsa-sha256') }
+ specify { expect(signature['SignedInfo']['Reference']['URI']).to eql("##{reference_id}") }
+ specify { expect(signature['SignedInfo']['Reference']['DigestMethod']['Algorithm']).to eql('http://www.w3.org/2001/04/xmlenc#sha256') }
+ specify { expect(signature['KeyInfo']['X509Data']['X509Certificate']).to eql(expected_certificate) }
+ specify { expect(signature['SignedInfo']['Reference']['DigestValue']).to be_present }
+ specify { expect(signature['SignatureValue']).to be_present }
+ specify { expect(OpenSSL::X509::Certificate.new(Base64.decode64(signature['KeyInfo']['X509Data']['X509Certificate']))).to be_present }
+ specify do
+ expect(signature['SignedInfo']['Reference']['Transforms']['Transform']).to match_array([
+ { 'Algorithm' => 'http://www.w3.org/2000/09/xmldsig#enveloped-signature' },
+ { 'Algorithm' => 'http://www.w3.org/2001/10/xml-exc-c14n#' }
+ ])
+ end
end
- it 'does not add a signature' do
- signed_xml = described_class.sign(key_pair: nil) do |xml, signature|
- xml.AuthnRequest do
- signature.template(reference_id)
- xml.Issuer 'MyEntityID'
+ context 'when a key pair is not specified' do
+ let(:signed_xml) do
+ described_class.sign(key_pair: nil) do |xml, signature|
+ xml.AuthnRequest do
+ signature.template(reference_id)
+ xml.Issuer 'MyEntityID'
+ end
end
end
- result = Hash.from_xml(signed_xml)
- expect(result['AuthnRequest']).to be_present
- expect(result['AuthnRequest']['Signature']).to be_nil
+ let(:result) { Hash.from_xml(signed_xml) }
+
+ specify { expect(result['AuthnRequest']).to be_present }
+ specify { expect(result['AuthnRequest']['Signature']).to be_nil }
end
- it 'produces a valid signature' do
- result = described_class.sign(key_pair: key_pair) do |xml, signature|
- xml.tag!('saml:Assertion', options) do
- signature.template(reference_id)
- xml.tag! 'saml:Subject' do
- xml.NameID Format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'
+ context 'when the signature is embedded' do
+ let(:result) do
+ described_class.sign(key_pair: key_pair) do |xml, signature|
+ xml.tag!('saml:Assertion', options) do
+ signature.template(reference_id)
+ xml.tag! 'saml:Subject' do
+ xml.NameID Format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified'
+ end
end
end
end
- node = Nokogiri::XML(result).at_xpath('//ds:Signature', ds: ::Xml::Kit::Namespaces::XMLDSIG)
- dsignature = Xmldsig::Signature.new(node, 'ID=$uri or @Id')
- expect(dsignature).to be_valid(key_pair.certificate.x509)
- expect(dsignature.errors).to be_empty
+ it 'produces a valid signature' do
+ node = Nokogiri::XML(result).at_xpath('//ds:Signature', ds: ::Xml::Kit::Namespaces::XMLDSIG)
+ dsignature = Xmldsig::Signature.new(node, 'ID=$uri or @Id')
+ expect(dsignature).to be_valid(key_pair.certificate.x509)
+ expect(dsignature.errors).to be_empty
+ end
end
end