ruby-saml 0.8.18 → 0.9

data/test/slo_logoutresponse_test.rb

@@ -1,245 +1,146 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
 
-class SloLogoutresponseTest < Minitest::Test
+class SloLogoutresponseTest < Test::Unit::TestCase
 
-  describe "SloLogoutresponse" do
+  context "SloLogoutresponse" do
+    settings = OneLogin::RubySaml::Settings.new
 
-    let(:settings) { OneLogin::RubySaml::Settings.new }
-
-    before do
+    should "create the deflated SAMLResponse URL parameter" do
       settings.idp_slo_target_url = "http://unauth.com/logout"
       settings.name_identifier_value = "f00f00"
       settings.compress_request = true
-      settings.certificate = ruby_saml_cert_text
-      settings.private_key = ruby_saml_key_text
-    end
 
-    it "create the deflated SAMLResponse URL parameter" do
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings)
-      assert_match /^http:\/\/unauth\.com\/logout\?SAMLResponse=/, unauth_url
+      request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
 
-      inflated = decode_saml_response_payload(unauth_url)
-      assert_match /^<samlp:LogoutResponse/, inflated
-    end
+      assert request.is_valid?
 
-    it "support additional params" do
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, nil, { :hello => nil })
-      assert_match /&hello=$/, unauth_url
+      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, request.id)
+      assert unauth_url =~ /^http:\/\/unauth\.com\/logout\?SAMLResponse=/
 
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, nil, { :foo => "bar" })
-      assert_match /&foo=bar$/, unauth_url
+      inflated = decode_saml_response_payload(unauth_url)
 
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, nil, { :RelayState => "http://idp.example.com" })
-      assert_match /&RelayState=http%3A%2F%2Fidp.example.com$/, unauth_url
+      assert_match /^<samlp:LogoutResponse/, inflated
     end
 
-    it "RelayState cases" do
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, nil, { :RelayState => nil })
-      assert !unauth_url.include?('RelayState')
+    should "support additional params" do
+      settings.idp_slo_target_url = "http://unauth.com/logout"
+      settings.name_identifier_value = "f00f00"
+      settings.compress_request = true
 
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, nil, { :RelayState => "http://example.com" })
-      assert unauth_url.include?('&RelayState=http%3A%2F%2Fexample.com')
+      request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
 
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, nil, { 'RelayState' => nil })
-      assert !unauth_url.include?('RelayState')
+      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, request.id, nil, { :hello => nil })
+      assert unauth_url =~ /&hello=$/
 
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, nil, { 'RelayState' => "http://example.com" })
-      assert unauth_url.include?('&RelayState=http%3A%2F%2Fexample.com')
+      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, request.id, nil, { :foo => "bar" })
+      assert unauth_url =~ /&foo=bar$/
+
+      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, request.id, nil, { :RelayState => "http://idp.example.com" })
+      assert unauth_url =~ /&RelayState=http%3A%2F%2Fidp.example.com$/
     end
 
-    it "set InResponseTo to the ID from the logout request" do
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, '_c0348950-935b-0131-1060-782bcb56fcaa')
+    should "set InResponseTo to the ID from the logout request" do
+      settings.idp_slo_target_url = "http://unauth.com/logout"
+      settings.name_identifier_value = "f00f00"
+      settings.compress_request = true
+
+      request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
+      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, request.id)
 
       inflated = decode_saml_response_payload(unauth_url)
+
       assert_match /InResponseTo='_c0348950-935b-0131-1060-782bcb56fcaa'/, inflated
     end
 
-    it "set a custom successful logout message on the response" do
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, "Custom Logout Message")
-
-      inflated = decode_saml_response_payload(unauth_url)
-      assert_match /<samlp:StatusMessage>Custom Logout Message<\/samlp:StatusMessage>/, inflated
-    end
+    should "set a custom successful logout message on the response" do
+      settings.idp_slo_target_url = "http://unauth.com/logout"
+      settings.name_identifier_value = "f00f00"
+      settings.compress_request = true
 
-    it "set a custom logout message and an status on the response" do
-      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, nil, "Custom Logout Message", {}, "urn:oasis:names:tc:SAML:2.0:status:PartialLogout")
+      request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
+      unauth_url = OneLogin::RubySaml::SloLogoutresponse.new.create(settings, request.id, "Custom Logout Message")
 
       inflated = decode_saml_response_payload(unauth_url)
+
       assert_match /<samlp:StatusMessage>Custom Logout Message<\/samlp:StatusMessage>/, inflated
-      assert_match /<samlp:StatusCode Value='urn:oasis:names:tc:SAML:2.0:status:PartialLogout/, inflated
     end
 
-    describe "when the settings indicate to sign (embedded) logout response" do
-
-      before do
+    context "when the settings indicate to sign (embebed) the logout response" do
+      should "create a signed logout response" do
+        settings = OneLogin::RubySaml::Settings.new
         settings.compress_response = false
+        settings.idp_slo_target_url = "http://example.com?field=value"
         settings.security[:logout_responses_signed] = true
         settings.security[:embed_sign] = true
-      end
-
-      it "doesn't sign through create_xml_document" do
-        unauth_res = OneLogin::RubySaml::SloLogoutresponse.new
-        inflated = unauth_res.create_xml_document(settings).to_s
-
-        refute_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
-        refute_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
-        refute_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
-      end
+        settings.certificate  = ruby_saml_cert_text
+        settings.private_key = ruby_saml_key_text
 
-      it "sign unsigned request" do
-        unauth_res = OneLogin::RubySaml::SloLogoutresponse.new
-        unauth_res_doc = unauth_res.create_xml_document(settings)
-        inflated = unauth_res_doc.to_s
-
-        refute_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
-        refute_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
-        refute_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
-
-        inflated = unauth_res.sign_document(unauth_res_doc, settings).to_s
-
-        assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
-        assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
-        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
-      end
-
-      it "signs through create_logout_response_xml_doc" do
-        unauth_res = OneLogin::RubySaml::SloLogoutresponse.new
-        inflated = unauth_res.create_logout_response_xml_doc(settings).to_s
-
-        assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
-        assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
-        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
-      end
-
-      it "create a signed logout response" do
-        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, nil, "Custom Logout Message")
+        request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
+        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, request.id, "Custom Logout Message")
 
         response_xml = Base64.decode64(params["SAMLResponse"])
         assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], response_xml
-        assert_match /<ds:SignatureMethod Algorithm='http:\/\/www.w3.org\/2000\/09\/xmldsig#rsa-sha1'\/>/, response_xml
-        assert_match /<ds:DigestMethod Algorithm='http:\/\/www.w3.org\/2000\/09\/xmldsig#sha1'\/>/, response_xml
+        response_xml =~ /<ds:SignatureMethod Algorithm='http:\/\/www.w3.org\/2000\/09\/xmldsig#rsa-sha1'\/>/
+        response_xml =~ /<ds:DigestMethod Algorithm='http:\/\/www.w3.org\/2000\/09\/xmldsig#rsa-sha1'\/>/
       end
 
-      it "create a signed logout response with 256 digest and signature methods" do
-        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
-        settings.security[:digest_method] = XMLSecurity::Document::SHA256
-
-        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, nil, "Custom Logout Message")
-
-        response_xml = Base64.decode64(params["SAMLResponse"])
-        assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], response_xml
-        assert_match /<ds:SignatureMethod Algorithm='http:\/\/www.w3.org\/2001\/04\/xmldsig-more#rsa-sha256'\/>/, response_xml
-        assert_match /<ds:DigestMethod Algorithm='http:\/\/www.w3.org\/2001\/04\/xmlenc#sha256'\/>/, response_xml
-      end
-
-      it "create a signed logout response with 512 digest and signature method RSA_SHA384" do
-        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA384
+      should "create a signed logout response with 256 digest and signature methods" do
+        settings = OneLogin::RubySaml::Settings.new
+        settings.compress_response = false
+        settings.idp_slo_target_url = "http://example.com?field=value"
+        settings.security[:logout_responses_signed] = true
+        settings.security[:embed_sign] = true
+        settings.security[:signature_method] = XMLSecurity::Document::SHA256
         settings.security[:digest_method] = XMLSecurity::Document::SHA512
+        settings.certificate  = ruby_saml_cert_text
+        settings.private_key = ruby_saml_key_text
 
-        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, nil, "Custom Logout Message")
+        request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
+        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, request.id, "Custom Logout Message")
 
         response_xml = Base64.decode64(params["SAMLResponse"])
         assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], response_xml
-        assert_match /<ds:SignatureMethod Algorithm='http:\/\/www.w3.org\/2001\/04\/xmldsig-more#rsa-sha384'\/>/, response_xml
-        assert_match /<ds:DigestMethod Algorithm='http:\/\/www.w3.org\/2001\/04\/xmlenc#sha512'\/>/, response_xml
+        response_xml =~ /<ds:SignatureMethod Algorithm='http:\/\/www.w3.org\/2001\/04\/xmldsig-more#rsa-sha256'\/>/
+        response_xml =~ /<ds:DigestMethod Algorithm='http:\/\/www.w3.org\/2001\/04\/xmldsig-more#rsa-sha512'\/>/
       end
     end
 
-    describe "#create_params when the settings indicate to sign the logout response" do
-
-      let(:cert) { OpenSSL::X509::Certificate.new(ruby_saml_cert_text) }
-
-      before do
+    context "when the settings indicate to sign the logout response" do
+      should "create a signature parameter" do
+        settings = OneLogin::RubySaml::Settings.new
         settings.compress_response = false
+        settings.idp_slo_target_url = "http://example.com?field=value"
+        settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
         settings.security[:logout_responses_signed] = true
         settings.security[:embed_sign] = false
-      end
-
-      it "create a signature parameter with RSA_SHA1 and validate it" do
-        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
+        settings.security[:signature_method] = XMLSecurity::Document::SHA1
+        settings.certificate  = ruby_saml_cert_text
+        settings.private_key = ruby_saml_key_text
 
-        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, nil, "Custom Logout Message", :RelayState => 'http://example.com')
-        assert params['SAMLResponse']
-        assert params[:RelayState]
+        request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
+        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, request.id, "Custom Logout Message")
         assert params['Signature']
-        assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA1
-
-        query_string = "SAMLResponse=#{CGI.escape(params['SAMLResponse'])}"
-        query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
-        query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
-
-        signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
-        assert_equal signature_algorithm, OpenSSL::Digest::SHA1
-        assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
-      end
+        assert params['SigAlg'] == XMLSecurity::Document::SHA1
 
-      it "create a signature parameter with RSA_SHA256 /SHA256 and validate it" do
-        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
-
-        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, nil, "Custom Logout Message", :RelayState => 'http://example.com')
-        assert params['SAMLResponse']
-        assert params[:RelayState]
+        # signature_method only affects the embedeed signature
+        settings.security[:signature_method] = XMLSecurity::Document::SHA256
+        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, request.id, "Custom Logout Message")
         assert params['Signature']
-
-        assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA256
-
-        query_string = "SAMLResponse=#{CGI.escape(params['SAMLResponse'])}"
-        query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
-        query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
-
-        signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
-        assert_equal signature_algorithm, OpenSSL::Digest::SHA256
-        assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
+        assert params['SigAlg'] == XMLSecurity::Document::SHA1
       end
+    end
 
-      it "create a signature parameter with RSA_SHA384 / SHA384 and validate it" do
-        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA384
-
-        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, nil, "Custom Logout Message", :RelayState => 'http://example.com')
-        assert params['SAMLResponse']
-        assert params[:RelayState]
-        assert params['Signature']
-
-        assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA384
-
-        query_string = "SAMLResponse=#{CGI.escape(params['SAMLResponse'])}"
-        query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
-        query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
-
-        signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
-        assert_equal signature_algorithm, OpenSSL::Digest::SHA384
-        assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
-      end
-
-      it "create a signature parameter with RSA_SHA512 / SHA512 and validate it" do
-        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA512
-
-        params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, nil, "Custom Logout Message", :RelayState => 'http://example.com')
-        assert params['SAMLResponse']
-        assert params[:RelayState]
-        assert params['Signature']
-
-        assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA512
+  end
 
-        query_string = "SAMLResponse=#{CGI.escape(params['SAMLResponse'])}"
-        query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
-        query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
+  def decode_saml_response_payload(unauth_url)
+    payload = CGI.unescape(unauth_url.split("SAMLResponse=").last)
+    decoded = Base64.decode64(payload)
 
-        signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
-        assert_equal signature_algorithm, OpenSSL::Digest::SHA512
-        assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
-      end
-    end
-
-    describe "#manipulate response_id" do
-      it "be able to modify the response id" do
-        logoutresponse = OneLogin::RubySaml::SloLogoutresponse.new
-        response_id = logoutresponse.response_id
-        assert_equal response_id, logoutresponse.uuid
-        logoutresponse.uuid = "new_uuid"
-        assert_equal logoutresponse.response_id, logoutresponse.uuid
-        assert_equal "new_uuid", logoutresponse.response_id
-      end
-    end
+    zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+    inflated = zstream.inflate(decoded)
+    zstream.finish
+    zstream.close
+    inflated
   end
+
 end

data/test/test_helper.rb

@@ -1,14 +1,9 @@
 require 'rubygems'
-require 'minitest/autorun'
-require 'shoulda'
+require 'bundler'
+require 'test/unit'
 require 'mocha/setup'
-require 'timecop'
 
-if RUBY_VERSION < '1.9'
-  require 'uuid'
-else
-  require 'securerandom'
-end
+Bundler.require :default, :test
 
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 $LOAD_PATH.unshift(File.dirname(__FILE__))
@@ -16,7 +11,7 @@ require 'ruby-saml'
 
 ENV["ruby-saml/testing"] = "1"
 
-class Minitest::Test
+class Test::Unit::TestCase
   def fixture(document, base64 = true)
     response = Dir.glob(File.join(File.dirname(__FILE__), "responses", "#{document}*")).first
     if base64 && response =~ /\.xml$/
@@ -26,48 +21,32 @@ class Minitest::Test
     end
   end
 
-  def random_id
-    RUBY_VERSION < '1.9' ? "_#{UUID.new.generate}" : "_#{SecureRandom.uuid}"
-  end
-
-  def read_invalid_response(response)
-    File.read(File.join(File.dirname(__FILE__), "responses", "invalids", response))
-  end
-
-  def read_response(response)
-    File.read(File.join(File.dirname(__FILE__), "responses", response))
-  end
-
-  def read_certificate(certificate)
-    File.read(File.join(File.dirname(__FILE__), "certificates", certificate))
-  end
-
   def response_document
-    @response_document ||= read_response('response1.xml.base64')
+    @response_document ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response1.xml.base64'))
   end
 
   def response_document_2
-    @response_document2 ||= read_response('response2.xml.base64')
+    @response_document2 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response2.xml.base64'))
   end
 
   def response_document_3
-    @response_document3 ||= read_response('response3.xml.base64')
+    @response_document3 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response3.xml.base64'))
   end
 
   def response_document_4
-    @response_document4 ||= read_response('response4.xml.base64')
+    @response_document4 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response4.xml.base64'))
   end
 
   def response_document_5
-    @response_document5 ||= read_response('response5.xml.base64')
+    @response_document5 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response5.xml.base64'))
   end
 
   def r1_response_document_6
-    @response_document6 ||= read_response('r1_response6.xml.base64')
+    @response_document6 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'r1_response6.xml.base64'))
   end
 
   def ampersands_response
-    @ampersands_resposne ||= read_response('response_with_ampersands.xml.base64')
+    @ampersands_response ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response_with_ampersands.xml.base64'))
   end
 
   def response_document_6
@@ -77,20 +56,8 @@ class Minitest::Test
     Base64.encode64(doc)
   end
 
-  def response_document_wrapped
-    @response_document_wrapped ||= read_response("response_wrapped.xml.base64")
-  end
-
-  def response_document_valid_signed
-    response_document_valid_signed ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'valid_response.xml.base64'))
-  end
-
-  def response_document_valid_signed_without_x509certificate
-    @response_document_valid_signed_without_x509certificate ||= read_response("valid_response_without_x509certificate.xml.base64")
-  end
-
-  def response_document_without_recipient
-    @response_document_without_recipient ||= read_response("response_with_undefined_recipient.xml.base64")
+  def response_document_7
+    @response_document7 ||= Base64.encode64(File.read(File.join(File.dirname(__FILE__), 'responses', 'response_no_cert_and_encrypted_attrs.xml')))
   end
 
   def wrapped_response_2
@@ -101,87 +68,45 @@ class Minitest::Test
     @signature_fingerprint1 ||= "C5:19:85:D9:47:F1:BE:57:08:20:25:05:08:46:EB:27:F6:CA:B7:83"
   end
 
-  def signature_fingerprint_valid_res
-    @signature_fingerprint1 ||= "4b68c453c7d994aad9025c99d5efcf566287fe8d"
-  end
-
   def signature_1
-    @signature1 ||= read_certificate('certificate1')
+    @signature1 ||= File.read(File.join(File.dirname(__FILE__), 'certificates', 'certificate1'))
   end
 
   def r1_signature_2
-    @signature2 ||= read_certificate('r1_certificate2_base64')
+    @signature2 ||= File.read(File.join(File.dirname(__FILE__), 'certificates', 'r1_certificate2_base64'))
   end
 
-  def valid_cert
-    @signature_valid_cert ||= read_certificate('ruby-saml.crt')
+  def idp_metadata
+    @idp_metadata ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'idp_descriptor.xml'))
   end
 
-  def valid_key
-    @signature_valid_cert ||= read_certificate('ruby-saml.key')
-  end
-
-  def response_with_multiple_attribute_statements
-    @response_with_multiple_attribute_statements = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_statements))
-  end
-
-  def response_multiple_attr_values
-    @response_multiple_attr_values = OneLogin::RubySaml::Response.new(fixture(:response_with_multiple_attribute_values))
+  def logout_request_document
+    unless @logout_request_document
+      xml = File.read(File.join(File.dirname(__FILE__), 'responses', 'slo_request.xml'))
+      deflated = Zlib::Deflate.deflate(xml, 9)[2..-5]
+      @logout_request_document = Base64.encode64(deflated)
+    end
+    @logout_request_document
   end
 
   def ruby_saml_cert
     @ruby_saml_cert ||= OpenSSL::X509::Certificate.new(ruby_saml_cert_text)
   end
 
-  def ruby_saml_cert2
-    @ruby_saml_cert2 ||= OpenSSL::X509::Certificate.new(ruby_saml_cert_text2)
-  end
-
   def ruby_saml_cert_fingerprint
     @ruby_saml_cert_fingerprint ||= Digest::SHA1.hexdigest(ruby_saml_cert.to_der).scan(/../).join(":")
   end
 
   def ruby_saml_cert_text
-    read_certificate("ruby-saml.crt")
-  end
-
-  def ruby_saml_cert_text2
-    read_certificate("ruby-saml-2.crt")
-  end
-
-  def ruby_saml_key_text
-    read_certificate("ruby-saml.key")
+    File.read(File.join(File.dirname(__FILE__), 'certificates', 'ruby-saml.crt'))
   end
 
   def ruby_saml_key
     @ruby_saml_key ||= OpenSSL::PKey::RSA.new(ruby_saml_key_text)
   end
 
-  def read_certificate(certificate)
-    File.read(File.join(File.dirname(__FILE__), "certificates", certificate))
-  end
-
-  def decode_saml_request_payload(unauth_url)
-    payload = CGI.unescape(unauth_url.split("SAMLRequest=").last)
-    decoded = Base64.decode64(payload)
-
-    zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
-    inflated = zstream.inflate(decoded)
-    zstream.finish
-    zstream.close
-    inflated
+  def ruby_saml_key_text
+    File.read(File.join(File.dirname(__FILE__), 'certificates', 'ruby-saml.key'))
   end
 
-  # decodes a base64 encoded SAML response for use in SloLogoutresponse tests
-  #
-  def decode_saml_response_payload(unauth_url)
-    payload = CGI.unescape(unauth_url.split("SAMLResponse=").last)
-    decoded = Base64.decode64(payload)
-
-    zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
-    inflated = zstream.inflate(decoded)
-    zstream.finish
-    zstream.close
-    inflated
-  end
 end