ruby-saml 0.8.16 → 0.9
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of ruby-saml might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/.gitignore +1 -0
- data/.travis.yml +1 -6
- data/Gemfile +2 -12
- data/README.md +363 -35
- data/Rakefile +14 -0
- data/changelog.md +22 -9
- data/lib/onelogin/ruby-saml/attribute_service.rb +34 -0
- data/lib/onelogin/ruby-saml/attributes.rb +26 -64
- data/lib/onelogin/ruby-saml/authrequest.rb +47 -89
- data/lib/onelogin/ruby-saml/idp_metadata_parser.rb +87 -0
- data/lib/onelogin/ruby-saml/logoutrequest.rb +34 -93
- data/lib/onelogin/ruby-saml/logoutresponse.rb +25 -24
- data/lib/onelogin/ruby-saml/metadata.rb +46 -16
- data/lib/onelogin/ruby-saml/response.rb +62 -322
- data/lib/onelogin/ruby-saml/saml_message.rb +78 -0
- data/lib/onelogin/ruby-saml/settings.rb +54 -121
- data/lib/onelogin/ruby-saml/slo_logoutrequest.rb +26 -61
- data/lib/onelogin/ruby-saml/slo_logoutresponse.rb +27 -84
- data/lib/onelogin/ruby-saml/utils.rb +32 -199
- data/lib/onelogin/ruby-saml/version.rb +1 -1
- data/lib/ruby-saml.rb +5 -2
- data/lib/schemas/{saml20assertion_schema.xsd → saml-schema-assertion-2.0.xsd} +283 -283
- data/lib/schemas/saml-schema-authn-context-2.0.xsd +23 -0
- data/lib/schemas/saml-schema-authn-context-types-2.0.xsd +821 -0
- data/lib/schemas/saml-schema-metadata-2.0.xsd +339 -0
- data/lib/schemas/{saml20protocol_schema.xsd → saml-schema-protocol-2.0.xsd} +302 -302
- data/lib/schemas/sstc-metadata-attr.xsd +35 -0
- data/lib/schemas/sstc-saml-attribute-ext.xsd +25 -0
- data/lib/schemas/sstc-saml-metadata-algsupport-v1.0.xsd +41 -0
- data/lib/schemas/sstc-saml-metadata-ui-v1.0.xsd +89 -0
- data/lib/schemas/{xenc_schema.xsd → xenc-schema.xsd} +1 -11
- data/lib/schemas/xml.xsd +287 -0
- data/lib/schemas/{xmldsig_schema.xsd → xmldsig-core-schema.xsd} +0 -9
- data/lib/xml_security.rb +83 -235
- data/ruby-saml.gemspec +1 -0
- data/test/idp_metadata_parser_test.rb +54 -0
- data/test/logoutrequest_test.rb +68 -144
- data/test/logoutresponse_test.rb +43 -25
- data/test/metadata_test.rb +87 -0
- data/test/request_test.rb +103 -90
- data/test/response_test.rb +181 -471
- data/test/responses/idp_descriptor.xml +3 -0
- data/test/responses/logoutresponse_fixtures.rb +5 -5
- data/test/responses/response_no_cert_and_encrypted_attrs.xml +29 -0
- data/test/responses/response_with_multiple_attribute_values.xml +1 -1
- data/test/responses/slo_request.xml +4 -0
- data/test/settings_test.rb +25 -112
- data/test/slo_logoutrequest_test.rb +41 -44
- data/test/slo_logoutresponse_test.rb +87 -167
- data/test/test_helper.rb +27 -102
- data/test/xml_security_test.rb +114 -337
- metadata +34 -84
- data/lib/onelogin/ruby-saml/setting_error.rb +0 -6
- data/test/certificates/certificate.der +0 -0
- data/test/certificates/formatted_certificate +0 -14
- data/test/certificates/formatted_chained_certificate +0 -42
- data/test/certificates/formatted_private_key +0 -12
- data/test/certificates/formatted_rsa_private_key +0 -12
- data/test/certificates/invalid_certificate1 +0 -1
- data/test/certificates/invalid_certificate2 +0 -1
- data/test/certificates/invalid_certificate3 +0 -12
- data/test/certificates/invalid_chained_certificate1 +0 -1
- data/test/certificates/invalid_private_key1 +0 -1
- data/test/certificates/invalid_private_key2 +0 -1
- data/test/certificates/invalid_private_key3 +0 -10
- data/test/certificates/invalid_rsa_private_key1 +0 -1
- data/test/certificates/invalid_rsa_private_key2 +0 -1
- data/test/certificates/invalid_rsa_private_key3 +0 -10
- data/test/certificates/ruby-saml-2.crt +0 -15
- data/test/requests/logoutrequest_fixtures.rb +0 -47
- data/test/responses/encrypted_new_attack.xml.base64 +0 -1
- data/test/responses/invalids/invalid_issuer_assertion.xml.base64 +0 -1
- data/test/responses/invalids/invalid_issuer_message.xml.base64 +0 -1
- data/test/responses/invalids/multiple_signed.xml.base64 +0 -1
- data/test/responses/invalids/no_signature.xml.base64 +0 -1
- data/test/responses/invalids/response_with_concealed_signed_assertion.xml +0 -51
- data/test/responses/invalids/response_with_doubled_signed_assertion.xml +0 -49
- data/test/responses/invalids/signature_wrapping_attack.xml.base64 +0 -1
- data/test/responses/response_node_text_attack.xml.base64 +0 -1
- data/test/responses/response_with_concealed_signed_assertion.xml +0 -51
- data/test/responses/response_with_doubled_signed_assertion.xml +0 -49
- data/test/responses/response_with_multiple_attribute_statements.xml +0 -72
- data/test/responses/response_with_signed_assertion_3.xml +0 -30
- data/test/responses/response_with_signed_message_and_assertion.xml +0 -34
- data/test/responses/response_with_undefined_recipient.xml.base64 +0 -1
- data/test/responses/response_wrapped.xml.base64 +0 -150
- data/test/responses/valid_response.xml.base64 +0 -1
- data/test/responses/valid_response_without_x509certificate.xml.base64 +0 -1
- data/test/utils_test.rb +0 -231
|
@@ -1 +0,0 @@
|
|
|
1
|
-
PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgSUQ9InBmeGJjODI2YWZkLWU5ZmUtZDNmYi1kODc0LWM0NzAwYzNlZjBjOCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDYtMDRUMDI6MjI6MDJaIiBEZXN0aW5hdGlvbj0iaHR0cDovL2FwcC5tdWRhLm5vL3Nzby9jb25zdW1lIiBJblJlc3BvbnNlVG89Il9mYzRhMzRiMC03ZWZiLTAxMmUtY2FhZS03ODJiY2IxM2JiMzgiPjxzYW1sOklzc3Vlcj5odHRwczovL2FwcC5vbmVsb2dpbi5jb20vc2FtbDI8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICA8ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4NCiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZnhiYzgyNmFmZC1lOWZlLWQzZmItZDg3NC1jNDcwMGMzZWYwYzgiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPkl6NFpRbHMzQUpaRGIzczh2Y1VYLzNSYytGUT08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+UWhLSm1vbnlzUDFxbW5hN1MrZUUxTGMycktBampDMk9HclFPZ1NqUHBUb2N1bVE2aFlIa3pUU1pyN3QvSS9LVE9TdkhDUXFEMXJoNGxTMGpEUC9FdUhOQUN0azlZN2xsMlV5Z3U3MkwrYkZ0cVoyOURuOXJMa1NkR3JpK0k3SGh4TDM2N2RmQVNTaDYrc3k3V2V2RWRrTWZ3ZURRMkFYL3NhNkJCR2d6N1RFPTwvZHM6U2lnbmF0dXJlVmFsdWU+DQo8ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDR3pDQ0FZUUNDUUNOTmNRWG9tMzJWREFOQmdrcWhraUc5dzBCQVFVRkFEQlNNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1NVNHhGVEFUQmdOVkJBY1RERWx1WkdsaGJtRndiMnhwY3pFUk1BOEdBMVVFQ2hNSVQyNWxURzluYVc0eEREQUtCZ05WQkFzVEEwVnVaekFlRncweE5EQTBNak14T0RReE1ERmFGdzB4TlRBME1qTXhPRFF4TURGYU1GSXhDekFKQmdOVkJBWVRBbFZUTVFzd0NRWURWUVFJRXdKSlRqRVZNQk1HQTFVRUJ4TU1TVzVrYVdGdVlYQnZiR2x6TVJFd0R3WURWUVFLRXdoUGJtVk1iMmRwYmpFTU1Bb0dBMVVFQ3hNRFJXNW5NSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURvNm0rUVp2WVEveEwwRWxMZ3VwSzFRRGNZTDRmNVBja3dzTmdTOXBVdlY3ZnpUcUNIazhUaEx4VGs0Mk1RMk1jSnNPZVVKVlA3MjhLaHltakZDcXhnUDRWdXdSazlycEFsMCttaHk2TVBkeWp5QTZHMTRqckRXUzY1eXNMY2hLNHQvdndwRUR6MFNRbEVvRzFrTXpsbFNtN3paUzNYcmVnQTdEak5hVVlRcXdJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBTE0ydkdDaVEvdm0rYTZ2NDArVlgyemRxSEEyUS8xdkYxaWJReko1NE1KQ09WV3ZzK3ZRWGZaRmhkbTBPUE0ySXJEVTdvcXZLUHFQNnhPQWVKSzZIMHlQN000WUwzZmF0U3ZJWW1tZnlYQzlrdDNTdnovTnlySHpQaFVuSjB5ZS9zVVNYeG56UXh3Y20vOVB3QXFyUWFBM1FwUWtINTd5YkYvT29yeVBlKzJoPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgVmVyc2lvbj0iMi4wIiBJRD0icGZ4OTUxNmIwZjMtNDUzNi0xMGY2LWM2ZmEtOWRkNTIzZTE0OThjIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDYtMDRUMDI6MjI6MDJaIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9hcHAub25lbG9naW4uY29tL3NhbWwyPC9zYW1sOklzc3Vlcj48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+dGVzdEBvbmVsb2dpbi5jb208L3NhbWw6TmFtZUlEPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMzAtMDYtMDRUMDI6Mjc6MDJaIiBSZWNpcGllbnQ9InJlY2lwaWVudCIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDExLTA2LTA0VDAyOjE3OjAyWiIgTm90T25PckFmdGVyPSIyMDMwLTA2LTA0VDAyOjI3OjAyWiI+PHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwczovL3NvbWVvbmUuZXhhbXBsZS5jb20vYXVkaWVuY2U8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE0LTA2LTA0VDAyOjIyOjAyWiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAzMC0wNi0wNVQwMjoyMjowMloiIFNlc3Npb25JbmRleD0iXzE2ZjU3MGZiYzAzMTUwMDdhMDM1NWRmZWE2YjNjNDZjIj48c2FtbDpBdXRobkNvbnRleHQ+PHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+PC9zYW1sOkF1dGhuQ29udGV4dD48L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
pVZdd9o4EH3fc/Y/+LiPOcayDTb4BLoU0oSWfBDTbpuXPbI0Bie25Egi0Pz6lQ04kJI03X2CGY/u3LkjjXT8fpVnxgMImXLWNZ0GMt/3/vzjWOI8K8JrkAVnEgwdxGRYOrvmQrCQY5nKkOEcZKhIGPXPx6HbQCGWEoTSUObOkuL1NYXgihOemcZo2DWLZBWTtuvjhFrQScCiXhJbtB00LdIMECIeJIi0TePrlrPG0EulXMCISYWZ0i7kNC3kW6g5RW7ouiFyb0xjCFKlDKtq1VypIrRtXBSNfEFxg3FbSm4TXe4iBw3ItsVPedf8JyFN7DVjZAWg6SDHBYtgDFbQdmMSO14ce22zV8kWVlxEr8wgNyk4g4zPUtYgPLfLIPfY3o09pjKM0pkmtxBbtamsWS6Xy8bSa3Axs12EkI06to6hMp29M3W3DGO7HuiIJbyCG2DGWUpwlj5WJZ+DmnNq9LMZF6ma5y+AO7aDSnALVsQiTpO9M+0qxVOSiuQb4fa4CoktOcfOBrHEu4YEBDACxpfrUdd899b2VyVOBWYy4SKX++bvsQL2oJtTALXktjhN8PcAD6p2bP/McZjO9C78L+JthHsC+YqzBfRGj82bSSa9/qebYezJ9gP58s32rsnRx0m3IrAbXDlqydfms21TN3i9YjL//Cnn7Ie8cu5zhoPoCE6cMXHF5/7t7cC9PBWTy1l0e1VMOVnkE3/+/ezucRrdiEDZI/vz9DJ6OBtM7oeOmDezCN0Or+yTxdlFf6DuOt+DLHO//JgtAnd8FH9U9zduZ8g6YnwX0VORHo2Cs/lq7PkBTfpRNPeP5I/gb3g4oXfnyRKGE7f/TR8i/8OH09ljMD3p1uXs8NejbM/b20y2SGlT7lsDTsGolr0+sGQVHUYLQkDKqtE/g4b97SjcHOfVS8fZsb+djyMyhxybdWz662ArrcYdgZ9m4XqMdlqOH6PEs5otz7cclPgW8RNsdShtuR44zU6bvGlw/o+xVhnRIr4FojbWhdZzNDQ+6iOB1ctCOw2n8qTUSqrQUJecZn1KRSl6T+lN/ddu/k3mNfx+5gFnSVpilN1Yn73XO0zyMAYsQJgvAw2xwsYFV5fsUvQTBaJUz0M76gXra+caSFqkUMortn/rTXMI+dmnDQUdQdPysyyzfgCtClQNc55SOpuUb6C13aULmpazQF92SqRknX7vS91wyXPQgjdghfMig6rneBO0YVyveWbvodvPyqnzqTkrTxDkWiCjMn9xoUd6J2iEF6ptHQgdMQorfZ07ftIKUBIT5DkthAKMvFaLJoD92CNNn5i7pDRVBSt1wDXI9INHz9Peq28iEpIyTruv9M+SC3qlnzy6s0Cr26HgQtWCHQA/8G3PV4tWe7ejp55M27dM718=
|
data/test/utils_test.rb
DELETED
|
@@ -1,231 +0,0 @@
|
|
|
1
|
-
require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
|
|
2
|
-
|
|
3
|
-
class UtilsTest < Minitest::Test
|
|
4
|
-
describe "Utils" do
|
|
5
|
-
|
|
6
|
-
describe "format_cert" do
|
|
7
|
-
let(:formatted_certificate) {read_certificate("formatted_certificate")}
|
|
8
|
-
let(:formatted_chained_certificate) {read_certificate("formatted_chained_certificate")}
|
|
9
|
-
|
|
10
|
-
it "returns empty string when the cert is an empty string" do
|
|
11
|
-
cert = ""
|
|
12
|
-
assert_equal "", OneLogin::RubySaml::Utils.format_cert(cert)
|
|
13
|
-
end
|
|
14
|
-
|
|
15
|
-
it "returns nil when the cert is nil" do
|
|
16
|
-
cert = nil
|
|
17
|
-
assert_nil OneLogin::RubySaml::Utils.format_cert(cert)
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
it "returns the certificate when it is valid" do
|
|
21
|
-
assert_equal formatted_certificate, OneLogin::RubySaml::Utils.format_cert(formatted_certificate)
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
it "reformats the certificate when there are spaces and no line breaks" do
|
|
25
|
-
invalid_certificate1 = read_certificate("invalid_certificate1")
|
|
26
|
-
assert_equal formatted_certificate, OneLogin::RubySaml::Utils.format_cert(invalid_certificate1)
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
it "reformats the certificate when there are spaces and no headers" do
|
|
30
|
-
invalid_certificate2 = read_certificate("invalid_certificate2")
|
|
31
|
-
assert_equal formatted_certificate, OneLogin::RubySaml::Utils.format_cert(invalid_certificate2)
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
it "returns the cert when it's encoded" do
|
|
35
|
-
encoded_certificate = read_certificate("certificate.der")
|
|
36
|
-
assert_equal encoded_certificate, OneLogin::RubySaml::Utils.format_cert(encoded_certificate)
|
|
37
|
-
end
|
|
38
|
-
|
|
39
|
-
it "reformats the certificate when there line breaks and no headers" do
|
|
40
|
-
invalid_certificate3 = read_certificate("invalid_certificate3")
|
|
41
|
-
assert_equal formatted_certificate, OneLogin::RubySaml::Utils.format_cert(invalid_certificate3)
|
|
42
|
-
end
|
|
43
|
-
|
|
44
|
-
it "returns the chained certificate when it is a valid chained certificate" do
|
|
45
|
-
assert_equal formatted_chained_certificate, OneLogin::RubySaml::Utils.format_cert(formatted_chained_certificate)
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
it "reformats the chained certificate when there are spaces and no line breaks" do
|
|
49
|
-
invalid_chained_certificate1 = read_certificate("invalid_chained_certificate1")
|
|
50
|
-
assert_equal formatted_chained_certificate, OneLogin::RubySaml::Utils.format_cert(invalid_chained_certificate1)
|
|
51
|
-
end
|
|
52
|
-
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
describe "format_private_key" do
|
|
56
|
-
let(:formatted_private_key) do
|
|
57
|
-
read_certificate("formatted_private_key")
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
it "returns empty string when the private key is an empty string" do
|
|
61
|
-
private_key = ""
|
|
62
|
-
assert_equal "", OneLogin::RubySaml::Utils.format_private_key(private_key)
|
|
63
|
-
end
|
|
64
|
-
|
|
65
|
-
it "returns nil when the private key is nil" do
|
|
66
|
-
private_key = nil
|
|
67
|
-
assert_nil OneLogin::RubySaml::Utils.format_private_key(private_key)
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
it "returns the private key when it is valid" do
|
|
71
|
-
assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(formatted_private_key)
|
|
72
|
-
end
|
|
73
|
-
|
|
74
|
-
it "reformats the private key when there are spaces and no line breaks" do
|
|
75
|
-
invalid_private_key1 = read_certificate("invalid_private_key1")
|
|
76
|
-
assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_private_key1)
|
|
77
|
-
end
|
|
78
|
-
|
|
79
|
-
it "reformats the private key when there are spaces and no headers" do
|
|
80
|
-
invalid_private_key2 = read_certificate("invalid_private_key2")
|
|
81
|
-
assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_private_key2)
|
|
82
|
-
end
|
|
83
|
-
|
|
84
|
-
it "reformats the private key when there line breaks and no headers" do
|
|
85
|
-
invalid_private_key3 = read_certificate("invalid_private_key3")
|
|
86
|
-
assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_private_key3)
|
|
87
|
-
end
|
|
88
|
-
|
|
89
|
-
describe "an RSA public key" do
|
|
90
|
-
let(:formatted_rsa_private_key) do
|
|
91
|
-
read_certificate("formatted_rsa_private_key")
|
|
92
|
-
end
|
|
93
|
-
|
|
94
|
-
it "returns the private key when it is valid" do
|
|
95
|
-
assert_equal formatted_rsa_private_key, OneLogin::RubySaml::Utils.format_private_key(formatted_rsa_private_key)
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
it "reformats the private key when there are spaces and no line breaks" do
|
|
99
|
-
invalid_rsa_private_key1 = read_certificate("invalid_rsa_private_key1")
|
|
100
|
-
assert_equal formatted_rsa_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_rsa_private_key1)
|
|
101
|
-
end
|
|
102
|
-
|
|
103
|
-
it "reformats the private key when there are spaces and no headers" do
|
|
104
|
-
invalid_rsa_private_key2 = read_certificate("invalid_rsa_private_key2")
|
|
105
|
-
assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_rsa_private_key2)
|
|
106
|
-
end
|
|
107
|
-
|
|
108
|
-
it "reformats the private key when there line breaks and no headers" do
|
|
109
|
-
invalid_rsa_private_key3 = read_certificate("invalid_rsa_private_key3")
|
|
110
|
-
assert_equal formatted_private_key, OneLogin::RubySaml::Utils.format_private_key(invalid_rsa_private_key3)
|
|
111
|
-
end
|
|
112
|
-
end
|
|
113
|
-
end
|
|
114
|
-
|
|
115
|
-
describe "build_query" do
|
|
116
|
-
it "returns the query string" do
|
|
117
|
-
params = {}
|
|
118
|
-
params[:type] = "SAMLRequest"
|
|
119
|
-
params[:data] = "PHNhbWxwOkF1dGhuUmVxdWVzdCBEZXN0aW5hdGlvbj0naHR0cDovL2V4YW1wbGUuY29tP2ZpZWxkPXZhbHVlJyBJRD0nXzk4NmUxZDEwLWVhY2ItMDEzMi01MGRkLTAwOTBmNWRlZGQ3NycgSXNzdWVJbnN0YW50PScyMDE1LTA2LTAxVDIwOjM0OjU5WicgVmVyc2lvbj0nMi4wJyB4bWxuczpzYW1sPSd1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uJyB4bWxuczpzYW1scD0ndXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sJy8+"
|
|
120
|
-
params[:relay_state] = "http://example.com"
|
|
121
|
-
params[:sig_alg] = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
|
|
122
|
-
query_string = OneLogin::RubySaml::Utils.build_query(params)
|
|
123
|
-
assert_equal "SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCBEZXN0aW5hdGlvbj0naHR0cDovL2V4YW1wbGUuY29tP2ZpZWxkPXZhbHVlJyBJRD0nXzk4NmUxZDEwLWVhY2ItMDEzMi01MGRkLTAwOTBmNWRlZGQ3NycgSXNzdWVJbnN0YW50PScyMDE1LTA2LTAxVDIwOjM0OjU5WicgVmVyc2lvbj0nMi4wJyB4bWxuczpzYW1sPSd1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uJyB4bWxuczpzYW1scD0ndXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sJy8%2B&RelayState=http%3A%2F%2Fexample.com&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1", query_string
|
|
124
|
-
end
|
|
125
|
-
end
|
|
126
|
-
|
|
127
|
-
describe "#status_error_msg" do
|
|
128
|
-
it "returns a error msg with a status message" do
|
|
129
|
-
error_msg = "The status code of the Logout Response was not Success"
|
|
130
|
-
status_code = "urn:oasis:names:tc:SAML:2.0:status:Requester"
|
|
131
|
-
status_message = "The request could not be performed due to an error on the part of the requester."
|
|
132
|
-
status_error_msg = OneLogin::RubySaml::Utils.status_error_msg(error_msg, status_code, status_message)
|
|
133
|
-
assert_equal = "The status code of the Logout Response was not Success, was Requester -> The request could not be performed due to an error on the part of the requester.", status_error_msg
|
|
134
|
-
|
|
135
|
-
status_error_msg2 = OneLogin::RubySaml::Utils.status_error_msg(error_msg, status_code)
|
|
136
|
-
assert_equal = "The status code of the Logout Response was not Success, was Requester", status_error_msg2
|
|
137
|
-
|
|
138
|
-
status_error_msg3 = OneLogin::RubySaml::Utils.status_error_msg(error_msg)
|
|
139
|
-
assert_equal = "The status code of the Logout Response was not Success", status_error_msg3
|
|
140
|
-
end
|
|
141
|
-
end
|
|
142
|
-
|
|
143
|
-
describe 'uri_match' do
|
|
144
|
-
it 'matches two urls' do
|
|
145
|
-
destination = 'http://www.example.com/test?var=stuff'
|
|
146
|
-
settings = 'http://www.example.com/test?var=stuff'
|
|
147
|
-
assert OneLogin::RubySaml::Utils.uri_match?(destination, settings)
|
|
148
|
-
end
|
|
149
|
-
|
|
150
|
-
it 'fails to match two urls' do
|
|
151
|
-
destination = 'http://www.example.com/test?var=stuff'
|
|
152
|
-
settings = 'http://www.example.com/othertest?var=stuff'
|
|
153
|
-
assert !OneLogin::RubySaml::Utils.uri_match?(destination, settings)
|
|
154
|
-
end
|
|
155
|
-
|
|
156
|
-
it "matches two URLs if the scheme case doesn't match" do
|
|
157
|
-
destination = 'http://www.example.com/test?var=stuff'
|
|
158
|
-
settings = 'HTTP://www.example.com/test?var=stuff'
|
|
159
|
-
assert OneLogin::RubySaml::Utils.uri_match?(destination, settings)
|
|
160
|
-
end
|
|
161
|
-
|
|
162
|
-
it "matches two URLs if the host case doesn't match" do
|
|
163
|
-
destination = 'http://www.EXAMPLE.com/test?var=stuff'
|
|
164
|
-
settings = 'http://www.example.com/test?var=stuff'
|
|
165
|
-
assert OneLogin::RubySaml::Utils.uri_match?(destination, settings)
|
|
166
|
-
end
|
|
167
|
-
|
|
168
|
-
it "fails to match two URLs if the path case doesn't match" do
|
|
169
|
-
destination = 'http://www.example.com/TEST?var=stuff'
|
|
170
|
-
settings = 'http://www.example.com/test?var=stuff'
|
|
171
|
-
assert !OneLogin::RubySaml::Utils.uri_match?(destination, settings)
|
|
172
|
-
end
|
|
173
|
-
|
|
174
|
-
it "fails to match two URLs if the query case doesn't match" do
|
|
175
|
-
destination = 'http://www.example.com/test?var=stuff'
|
|
176
|
-
settings = 'http://www.example.com/test?var=STUFF'
|
|
177
|
-
assert !OneLogin::RubySaml::Utils.uri_match?(destination, settings)
|
|
178
|
-
end
|
|
179
|
-
|
|
180
|
-
it 'matches two non urls' do
|
|
181
|
-
destination = 'stuff'
|
|
182
|
-
settings = 'stuff'
|
|
183
|
-
assert OneLogin::RubySaml::Utils.uri_match?(destination, settings)
|
|
184
|
-
end
|
|
185
|
-
|
|
186
|
-
it "fails to match two non urls" do
|
|
187
|
-
destination = 'stuff'
|
|
188
|
-
settings = 'not stuff'
|
|
189
|
-
assert !OneLogin::RubySaml::Utils.uri_match?(destination, settings)
|
|
190
|
-
end
|
|
191
|
-
end
|
|
192
|
-
|
|
193
|
-
describe 'element_text' do
|
|
194
|
-
it 'returns the element text' do
|
|
195
|
-
element = REXML::Document.new('<element>element text</element>').elements.first
|
|
196
|
-
assert_equal 'element text', OneLogin::RubySaml::Utils.element_text(element)
|
|
197
|
-
end
|
|
198
|
-
|
|
199
|
-
it 'returns all segments of the element text' do
|
|
200
|
-
element = REXML::Document.new('<element>element <!-- comment -->text</element>').elements.first
|
|
201
|
-
assert_equal 'element text', OneLogin::RubySaml::Utils.element_text(element)
|
|
202
|
-
end
|
|
203
|
-
|
|
204
|
-
it 'returns normalized element text' do
|
|
205
|
-
element = REXML::Document.new('<element>element & text</element>').elements.first
|
|
206
|
-
assert_equal 'element & text', OneLogin::RubySaml::Utils.element_text(element)
|
|
207
|
-
end
|
|
208
|
-
|
|
209
|
-
it 'returns the CDATA element text' do
|
|
210
|
-
element = REXML::Document.new('<element><![CDATA[element & text]]></element>').elements.first
|
|
211
|
-
assert_equal 'element & text', OneLogin::RubySaml::Utils.element_text(element)
|
|
212
|
-
end
|
|
213
|
-
|
|
214
|
-
it 'returns the element text with newlines and additional whitespace' do
|
|
215
|
-
element = REXML::Document.new("<element> element \n text </element>").elements.first
|
|
216
|
-
assert_equal " element \n text ", OneLogin::RubySaml::Utils.element_text(element)
|
|
217
|
-
end
|
|
218
|
-
|
|
219
|
-
it 'returns nil when element is nil' do
|
|
220
|
-
assert_nil OneLogin::RubySaml::Utils.element_text(nil)
|
|
221
|
-
end
|
|
222
|
-
|
|
223
|
-
it 'returns empty string when element has no text' do
|
|
224
|
-
element = REXML::Document.new('<element></element>').elements.first
|
|
225
|
-
assert_equal '', OneLogin::RubySaml::Utils.element_text(element)
|
|
226
|
-
end
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
end
|
|
230
|
-
end
|
|
231
|
-
end
|