ruby-saml 0.8.11 → 0.8.12


Potentially problematic release.


This version of ruby-saml might be problematic. Click here for more details.

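--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
- ---
- SHA1:
- metadata.gz: 10ec0e5a4a9fc6a7f65613599597cef7ae8b8293
- data.tar.gz: 0b63798d5d6b78e3073ccb899e355e6aa0134648
- SHA512:
- metadata.gz: 1883986a5fd1b3925e6745bf7d259a907c656d36958efe50dfb760192c8273a3723b76344ee542a3a07b84da677808fad850b8bd272d949c5ce7fcd8c171a881
- data.tar.gz: 8538b7c75961e99186b320ff1425fb82fa0c759e3e7267eaad76659adf9f0ba98249207122092dbc383f464c1c600b03a37f010d5a3e8bfa7fbb6fba0aaa8915
+ ---
+ SHA512:
+ metadata.gz: 8a2479b6725a5a9e7fdc76a4bec612e2f0c66cf53cbb79ff7c1dc0343d1cc56c09e9fd3b2d3490bdacbb09b16b473702d42fa42fdb6fedff6e7fa5a44fa421a2
+ data.tar.gz: 43b1cfb12dc3fc14a2cbc139430e3ad15b975dca0d95d0d8c14363f362833de181a52ca10b8b607215c4b5aa23ffa62f2d8f3a3b2c9b5541e9387c635ca77150
+ SHA256:
+ metadata.gz: 694ade703ed05cc38aa2ca98cbfee57cc16223991ae6539422c136164cf29608
+ data.tar.gz: ee07b69a9391b26c9af95d0cfdbaa57c8991fa187b869660e15c549fcbbe47e3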
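--- a/data/Gemfile
+++ b/data/Gemfile
@@ -7,10 +7,13 @@ gemspec
 
  if RUBY_VERSION < '1.9'
  gem 'nokogiri', '~> 1.5.0'
+ gem 'minitest', '~> 5.5', '<= 5.11.3'
  elsif RUBY_VERSION < '2.1'
  gem 'nokogiri', '>= 1.5.0', '<= 1.6.8.1'
+ gem 'minitest', '~> 5.5'
  else
  gem 'nokogiri', '>= 1.5.0'
+ gem 'minitest', '~> 5.5'
  end
 
  group :test do
@@ -30,6 +33,5 @@ group :test do
  gem 'shoulda', '~> 2.11'
  gem 'systemu', '~> 2'
  gem 'test-unit', '~> 3.0.9'
- gem 'minitest', '~> 5.5'
  gem 'timecop', '<= 0.6.0'
  end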
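--- a/data/Rakefile
+++ b/data/Rakefile
@@ -25,17 +25,3 @@ end
  task :test
 
  task :default => :test
-
- # require 'rake/rdoctask'
- # Rake::RDocTask.new do |rdoc|
- # if File.exist?('VERSION')
- # version = File.read('VERSION')
- # else
- # version = ""
- # end
-
- # rdoc.rdoc_dir = 'rdoc'
- # rdoc.title = "ruby-saml #{version}"
- # rdoc.rdoc_files.include('README*')
- # rdoc.rdoc_files.include('lib/**/*.rb')
- #end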
@@ -149,13 +149,13 @@ module OneLogin
149
149
  end
150
150
 
151
151
  def validate(soft = true)
152
- validate_success_status &&
153
- validate_num_assertion &&
154
- validate_signed_elements &&
155
- validate_structure(soft) &&
156
- validate_response_state(soft) &&
157
- validate_conditions(soft) &&
158
- validate_audience(soft) &&
152
+ validate_structure(soft) &&
153
+ validate_success_status(soft) &&
154
+ validate_num_assertion &&
155
+ validate_signed_elements(soft) &&
156
+ validate_response_state(soft) &&
157
+ validate_conditions(soft) &&
158
+ validate_audience(soft) &&
159
159
  document.validate_document(get_fingerprint, soft) &&
160
160
  success?
161
161
  end
@@ -175,10 +175,6 @@ module OneLogin
175
175
  { "a" => ASSERTION }
176
176
  )
177
177
 
178
- unless assertions.size != 0
179
- return soft ? false : validation_error("Encrypted assertion is not supported")
180
- end
181
-
182
178
  unless assertions.size + encrypted_assertions.size == 1
183
179
  return soft ? false : validation_error("SAML Response must contain 1 assertion")
184
180
  end
@@ -190,7 +186,7 @@ module OneLogin
190
186
  # @return [Boolean] True if there is 1 or 2 Elements signed in the SAML Response
191
187
  # an are a Response or an Assertion Element, otherwise False if soft=True
192
188
  #
193
- def validate_signed_elements
189
+ def validate_signed_elements(soft)
194
190
  signature_nodes = REXML::XPath.match(
195
191
  document,
196
192
  "//ds:Signature",
@@ -249,7 +245,7 @@ module OneLogin
249
245
  # @return [Boolean] True if the SAML Response contains a Success code, otherwise False if soft == false
250
246
  # @raise [ValidationError] if soft == false and validation fails
251
247
  #
252
- def validate_success_status
248
+ def validate_success_status(soft = true)
253
249
  return true if success?
254
250
 
255
251
  return false unless soft
@@ -298,6 +294,21 @@ module OneLogin
298
294
  end
299
295
  end
300
296
 
297
+ # @return [String] the StatusMessage value from a SAML Response.
298
+ #
299
+ def status_message
300
+ @status_message ||= begin
301
+ nodes = REXML::XPath.match(
302
+ document,
303
+ "/p:Response/p:Status/p:StatusMessage",
304
+ { "p" => PROTOCOL }
305
+ )
306
+ if nodes.size == 1
307
+ Utils.element_text(nodes.first)
308
+ end
309
+ end
310
+ end
311
+
301
312
  def validate_structure(soft = true)
302
313
  Dir.chdir(File.expand_path(File.join(File.dirname(__FILE__), '..', '..', 'schemas'))) do
303
314
  @schema = Nokogiri::XML::Schema(IO.read('saml20protocol_schema.xsd'))
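Review bot: The hunk at `@@ -175,10 +175,6 @@` drops the early return for a response with no plain Assertion, so a response carrying only an EncryptedAssertion now satisfies `assertions.size + encrypted_assertions.size == 1` and moves on to the later validators. Nothing visible in this section decrypts an encrypted assertion, so if this release line still cannot, the guard should stay, e.g. `return soft ? false : validation_error("Encrypted assertion is not supported") if assertions.empty?`, or a test should pin what `validate` returns for such a response. Separately, `validate_signed_elements(soft)` now takes a required argument while `validate_success_status(soft = true)` and `validate_structure(soft = true)` default it; `def validate_signed_elements(soft = true)` would keep any existing zero-argument caller working. The new `status_message` is documented as `@return [String]` but yields nil unless exactly one StatusMessage node matches, and it is read straight from the response XML independent of signature validation, so the doc comment should say `[String, nil]` and note that the value is untrusted input. The bodies of these methods continue outside the hunks shown.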
@@ -1,5 +1,5 @@
1
1
  module OneLogin
2
2
  module RubySaml
3
- VERSION = '0.8.11'
3
+ VERSION = '0.8.12'
4
4
  end
5
5
  end
@@ -212,10 +212,9 @@ module XMLSecurity
212
212
  # create a working copy so we don't modify the original
213
213
  @working_copy ||= REXML::Document.new(self.to_s).root
214
214
 
215
- # store and remove signature node
215
+ # store signature node
216
216
  @sig_element ||= begin
217
217
  element = REXML::XPath.first(@working_copy, "//ds:Signature", {"ds"=>DSIG})
218
- element.remove
219
218
  end
220
219
 
221
220
  # verify signature
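Review bot: With `element.remove` gone, the ds:Signature node now stays inside `@working_copy`, so whatever later digests the referenced element has to exclude the enveloped signature itself. That code is outside this hunk, so it is worth confirming, and the new comment `# store signature node` should say where the node is removed or excluded rather than only what is stored. The `begin … end` wrapper and the `element` local are now redundant; the assignment can be written as `@sig_element ||= REXML::XPath.first(@working_copy, "//ds:Signature", {"ds"=>DSIG})`. The enclosing method starts and ends outside the hunk.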
@@ -1,5 +1,4 @@
1
1
  require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
2
- require 'uuid'
3
2
 
4
3
  class LogoutRequestTest < Minitest::Test
5
4
 
@@ -29,7 +28,7 @@ class LogoutRequestTest < Minitest::Test
29
28
  end
30
29
 
31
30
  it "set sessionindex" do
32
- sessionidx = UUID.new.generate
31
+ sessionidx = random_id
33
32
  settings.sessionindex = sessionidx
34
33
 
35
34
  unauth_url = OneLogin::RubySaml::Logoutrequest.new.create(settings, { :name_id => "there" })
@@ -78,169 +77,168 @@ class LogoutRequestTest < Minitest::Test
78
77
  assert_match %r[ID='#{unauth_req.uuid}'], inflated
79
78
  end
80
79
  end
81
- end
82
80
 
83
- describe "when the settings indicate to sign (embedded) logout request" do
84
81
 
85
- before do
86
- # sign the logout request
87
- settings.security[:logout_requests_signed] = true
88
- settings.security[:embed_sign] = true
89
- settings.certificate = ruby_saml_cert_text
90
- settings.private_key = ruby_saml_key_text
91
- end
82
+ describe "when the settings indicate to sign (embedded) logout request" do
92
83
 
93
- it "doesn't sign through create_xml_document" do
94
- unauth_req = OneLogin::RubySaml::Logoutrequest.new
95
- inflated = unauth_req.create_xml_document(settings).to_s
84
+ before do
85
+ # sign the logout request
86
+ settings.security[:logout_requests_signed] = true
87
+ settings.security[:embed_sign] = true
88
+ settings.certificate = ruby_saml_cert_text
89
+ settings.private_key = ruby_saml_key_text
90
+ end
96
91
 
97
- refute_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
98
- refute_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
99
- refute_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
100
- end
92
+ it "doesn't sign through create_xml_document" do
93
+ unauth_req = OneLogin::RubySaml::Logoutrequest.new
94
+ inflated = unauth_req.create_xml_document(settings).to_s
101
95
 
102
- it "sign unsigned request" do
103
- unauth_req = OneLogin::RubySaml::Logoutrequest.new
104
- unauth_req_doc = unauth_req.create_xml_document(settings)
105
- inflated = unauth_req_doc.to_s
96
+ refute_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
97
+ refute_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
98
+ refute_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
99
+ end
106
100
 
107
- refute_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
108
- refute_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
109
- refute_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
101
+ it "sign unsigned request" do
102
+ unauth_req = OneLogin::RubySaml::Logoutrequest.new
103
+ unauth_req_doc = unauth_req.create_xml_document(settings)
104
+ inflated = unauth_req_doc.to_s
110
105
 
111
- inflated = unauth_req.sign_document(unauth_req_doc, settings).to_s
106
+ refute_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
107
+ refute_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
108
+ refute_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
112
109
 
113
- assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
114
- assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
115
- assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
116
- end
110
+ inflated = unauth_req.sign_document(unauth_req_doc, settings).to_s
117
111
 
118
- it "signs through create_logout_request_xml_doc" do
119
- unauth_req = OneLogin::RubySaml::Logoutrequest.new
120
- inflated = unauth_req.create_logout_request_xml_doc(settings).to_s
112
+ assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
113
+ assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
114
+ assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
115
+ end
121
116
 
122
- assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
123
- assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
124
- assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
125
- end
117
+ it "signs through create_logout_request_xml_doc" do
118
+ unauth_req = OneLogin::RubySaml::Logoutrequest.new
119
+ inflated = unauth_req.create_logout_request_xml_doc(settings).to_s
126
120
 
127
- it "created a signed logout request" do
128
- settings.compress_request = true
121
+ assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
122
+ assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
123
+ assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
124
+ end
129
125
 
130
- unauth_req = OneLogin::RubySaml::Logoutrequest.new
131
- unauth_url = unauth_req.create(settings)
126
+ it "created a signed logout request" do
127
+ settings.compress_request = true
132
128
 
133
- inflated = decode_saml_request_payload(unauth_url)
134
- assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
135
- assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
136
- assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
137
- end
129
+ unauth_req = OneLogin::RubySaml::Logoutrequest.new
130
+ unauth_url = unauth_req.create(settings)
131
+
132
+ inflated = decode_saml_request_payload(unauth_url)
133
+ assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
134
+ assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
135
+ assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
136
+ end
138
137
 
139
- it "create a signed logout request with 256 digest and signature method" do
140
- settings.compress_request = false
141
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
142
- settings.security[:digest_method] = XMLSecurity::Document::SHA256
138
+ it "create a signed logout request with 256 digest and signature method" do
139
+ settings.compress_request = false
140
+ settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
141
+ settings.security[:digest_method] = XMLSecurity::Document::SHA256
143
142
 
144
- params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings)
145
- request_xml = Base64.decode64(params["SAMLRequest"])
143
+ params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings)
144
+ request_xml = Base64.decode64(params["SAMLRequest"])
146
145
 
147
- assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], request_xml
148
- assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'/>], request_xml
149
- assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha256'/>], request_xml
150
- end
146
+ assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], request_xml
147
+ assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'/>], request_xml
148
+ assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha256'/>], request_xml
149
+ end
151
150
 
152
- it "create a signed logout request with 512 digest and signature method RSA_SHA384" do
153
- settings.compress_request = false
154
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA384
155
- settings.security[:digest_method] = XMLSecurity::Document::SHA512
151
+ it "create a signed logout request with 512 digest and signature method RSA_SHA384" do
152
+ settings.compress_request = false
153
+ settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA384
154
+ settings.security[:digest_method] = XMLSecurity::Document::SHA512
156
155
 
157
- params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings)
158
- request_xml = Base64.decode64(params["SAMLRequest"])
156
+ params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings)
157
+ request_xml = Base64.decode64(params["SAMLRequest"])
159
158
 
160
- assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], request_xml
161
- assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'/>], request_xml
162
- assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha512'/>], request_xml
159
+ assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], request_xml
160
+ assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'/>], request_xml
161
+ assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha512'/>], request_xml
162
+ end
163
163
  end
164
- end
165
164
 
166
- describe "#create_params when the settings indicate to sign the logout request" do
165
+ describe "#create_params when the settings indicate to sign the logout request" do
167
166
 
168
- let(:cert) { OpenSSL::X509::Certificate.new(ruby_saml_cert_text) }
167
+ let(:cert) { OpenSSL::X509::Certificate.new(ruby_saml_cert_text) }
169
168
 
170
- before do
171
- # sign the logout request
172
- settings.security[:logout_requests_signed] = true
173
- settings.security[:embed_sign] = false
174
- settings.certificate = ruby_saml_cert_text
175
- settings.private_key = ruby_saml_key_text
176
- end
169
+ before do
170
+ # sign the logout request
171
+ settings.security[:logout_requests_signed] = true
172
+ settings.security[:embed_sign] = false
173
+ settings.certificate = ruby_saml_cert_text
174
+ settings.private_key = ruby_saml_key_text
175
+ end
177
176
 
178
- it "create a signature parameter with RSA_SHA1 / SHA1 and validate it" do
179
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
177
+ it "create a signature parameter with RSA_SHA1 / SHA1 and validate it" do
178
+ settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
180
179
 
181
- params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
182
- assert params['SAMLRequest']
183
- assert params[:RelayState]
184
- assert params['Signature']
185
- assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA1
180
+ params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
181
+ assert params['SAMLRequest']
182
+ assert params[:RelayState]
183
+ assert params['Signature']
184
+ assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA1
186
185
 
187
- query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
188
- query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
189
- query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
186
+ query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
187
+ query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
188
+ query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
190
189
 
191
- signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
192
- assert_equal signature_algorithm, OpenSSL::Digest::SHA1
193
- assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
194
- end
190
+ signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
191
+ assert_equal signature_algorithm, OpenSSL::Digest::SHA1
192
+ assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
193
+ end
195
194
 
196
- it "create a signature parameter with RSA_SHA256 / SHA256 and validate it" do
197
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
195
+ it "create a signature parameter with RSA_SHA256 / SHA256 and validate it" do
196
+ settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
198
197
 
199
- params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
200
- assert params['Signature']
201
- assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA256
198
+ params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
199
+ assert params['Signature']
200
+ assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA256
202
201
 
203
- query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
204
- query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
205
- query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
202
+ query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
203
+ query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
204
+ query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
206
205
 
207
- signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
208
- assert_equal signature_algorithm, OpenSSL::Digest::SHA256
209
- assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
210
- end
206
+ signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
207
+ assert_equal signature_algorithm, OpenSSL::Digest::SHA256
208
+ assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
209
+ end
211
210
 
212
- it "create a signature parameter with RSA_SHA384 / SHA384 and validate it" do
213
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA384
211
+ it "create a signature parameter with RSA_SHA384 / SHA384 and validate it" do
212
+ settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA384
214
213
 
215
- params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
216
- assert params['Signature']
217
- assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA384
214
+ params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
215
+ assert params['Signature']
216
+ assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA384
218
217
 
219
- query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
220
- query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
221
- query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
218
+ query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
219
+ query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
220
+ query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
222
221
 
223
- signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
224
- assert_equal signature_algorithm, OpenSSL::Digest::SHA384
225
- assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
226
- end
222
+ signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
223
+ assert_equal signature_algorithm, OpenSSL::Digest::SHA384
224
+ assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
225
+ end
227
226
 
228
- it "create a signature parameter with RSA_SHA512 / SHA512 and validate it" do
229
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA512
227
+ it "create a signature parameter with RSA_SHA512 / SHA512 and validate it" do
228
+ settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA512
230
229
 
231
- params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
232
- assert params['Signature']
233
- assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA512
230
+ params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
231
+ assert params['Signature']
232
+ assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA512
234
233
 
235
- query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
236
- query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
237
- query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
234
+ query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
235
+ query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
236
+ query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
238
237
 
239
- signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
240
- assert_equal signature_algorithm, OpenSSL::Digest::SHA512
241
- assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
238
+ signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
239
+ assert_equal signature_algorithm, OpenSSL::Digest::SHA512
240
+ assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
241
+ end
242
242
  end
243
-
244
243
  end
245
-
246
244
  end