samlr 2.1.0 → 2.2.0


Potentially problematic release.


This version of samlr might be problematic.

@@ -1,58 +0,0 @@
1
- require File.expand_path("test/test_helper")
2
-
3
- describe Samlr::Tools::Timestamp do
4
- before { Samlr.jitter = nil }
5
- after { Samlr.jitter = nil }
6
-
7
- describe "::parse" do
8
- before { @time = ::Time.now }
9
- it "turns an iso8601 string into a time instance" do
10
- iso8601 = @time.utc.iso8601
11
- assert_equal @time.to_i, Samlr::Tools::Timestamp.parse(iso8601).to_i
12
- end
13
- end
14
-
15
- describe "::stamp" do
16
- it "converts a given time to an iso8601 string in UTC" do
17
- assert_equal "2012-08-08T18:28:38Z", Samlr::Tools::Timestamp.stamp(Time.at(1344450518))
18
- end
19
-
20
- it "defaults to a current timestamp in iso8601" do
21
- assert ::Time.iso8601(Samlr::Tools::Timestamp.stamp).is_a?(Time)
22
- end
23
- end
24
-
25
- describe "::not_on_or_after?" do
26
- describe "when no jitter is allowed" do
27
- it "disallows imprecision" do
28
- assert Samlr::Tools::Timestamp.not_on_or_after?(Time.now + 5)
29
- end
30
- end
31
-
32
- describe "when jitter is allowed" do
33
- before { Samlr.jitter = 10 }
34
-
35
- it "allows imprecision" do
36
- assert Samlr::Tools::Timestamp.not_on_or_after?(Time.now - 5)
37
- refute Samlr::Tools::Timestamp.not_on_or_after?(Time.now - 15)
38
- end
39
- end
40
- end
41
-
42
- describe "::before?" do
43
- describe "when no jitter is allowed" do
44
- it "disallows imprecision" do
45
- assert Samlr::Tools::Timestamp.not_before?(Time.now - 5)
46
- end
47
- end
48
-
49
- describe "when jitter is allowed" do
50
- before { Samlr.jitter = 10 }
51
-
52
- it "allows imprecision" do
53
- assert Samlr::Tools::Timestamp.not_before?(Time.now + 5)
54
- refute Samlr::Tools::Timestamp.not_before?(Time.now + 15)
55
- end
56
- end
57
- end
58
- end
@@ -1,100 +0,0 @@
1
- require File.expand_path("test/test_helper")
2
- require "openssl"
3
-
4
- describe Samlr::Tools do
5
-
6
- describe "::canonicalize" do
7
- before do
8
- @fixture = fixed_saml_response.document.to_xml
9
- end
10
-
11
- it "should namespace the SignedInfo element" do
12
- path = "/samlp:Response/ds:Signature/ds:SignedInfo"
13
- assert_match '<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">', Samlr::Tools.canonicalize(@fixture, { :path => path })
14
- end
15
- end
16
-
17
- describe "::uuid" do
18
- it "generates a valid xs:ID" do
19
- assert Samlr::Tools.uuid !~ /^\d/
20
- end
21
- end
22
-
23
- describe "::algorithm" do
24
- [ 1, 384, 512 ].each do |i|
25
- describe "when fed SHA#{i}" do
26
- subject { "#sha#{i}" }
27
-
28
- it "should return the corresponding implementation" do
29
- assert_equal eval("OpenSSL::Digest::SHA#{i}"), Samlr::Tools.algorithm(subject)
30
- end
31
- end
32
- end
33
-
34
- describe "when not specified" do
35
- subject { nil }
36
-
37
- it "should default to SHA1" do
38
- assert_equal OpenSSL::Digest::SHA1, Samlr::Tools.algorithm(subject)
39
- end
40
- end
41
-
42
- describe "when not known" do
43
- subject { "sha73" }
44
-
45
- it "should default to SHA1" do
46
- assert_equal OpenSSL::Digest::SHA1, Samlr::Tools.algorithm(subject)
47
- end
48
- end
49
- end
50
-
51
- describe "::encode and ::decode" do
52
- it "compresses a string in a reversible fashion" do
53
- assert_equal "12345678", Samlr::Tools.decode(Samlr::Tools.encode("12345678"))
54
- end
55
- end
56
-
57
- describe "::validate" do
58
- subject { saml_response_document(:certificate => TEST_CERTIFICATE) }
59
-
60
- it "returns true for valid documents" do
61
- assert Samlr::Tools.validate(:document => subject)
62
- end
63
-
64
- it "returns false for invalid documents" do
65
- mangled = subject.gsub("Assertion", "AyCaramba")
66
- refute Samlr::Tools.validate(:document => mangled)
67
- end
68
-
69
- it "does not change the working directory" do
70
- path = Dir.pwd
71
- assert Samlr::Tools.validate(:document => subject)
72
- assert_equal path, Dir.pwd
73
- end
74
- end
75
-
76
- describe "::validate!" do
77
- subject { saml_response_document(:certificate => TEST_CERTIFICATE) }
78
-
79
- it "returns true for valid documents" do
80
- assert Samlr::Tools.validate!(:document => subject)
81
- end
82
-
83
- it "raises for invalid documents" do
84
- mangled = subject.gsub("Assertion", "AyCaramba")
85
-
86
- begin
87
- Samlr::Tools.validate!(:document => mangled)
88
- flunk "Errors expected"
89
- rescue Samlr::FormatError => e
90
- assert_equal "Schema validation failed", e.message
91
- end
92
- end
93
-
94
- it "does not change the working directory" do
95
- path = Dir.pwd
96
- assert Samlr::Tools.validate!(:document => subject)
97
- assert_equal path, Dir.pwd
98
- end
99
- end
100
- end
@@ -1,41 +0,0 @@
1
- require File.expand_path("test/test_helper")
2
-
3
- describe Samlr::Tools::CertificateBuilder do
4
- before { @certificate = TEST_CERTIFICATE }
5
-
6
- it "provides a certificate" do
7
- assert_equal OpenSSL::X509::Certificate, @certificate.x509.class
8
- end
9
-
10
- describe "#verify" do
11
- it "verifies its own signature" do
12
- assert @certificate.verify(@certificate.sign("12345678"), "12345678")
13
- end
14
- end
15
-
16
- describe "serialization" do
17
- before do
18
- @path = Dir.tmpdir
19
- Dir.glob("#{@path}/*.pem").map { |f| File.unlink(f) }
20
- end
21
-
22
- describe "self#dump" do
23
- before { Samlr::Tools::CertificateBuilder.dump(@path, @certificate) }
24
-
25
- it "creates a key file and a certificate file on disk" do
26
- state = Dir.glob("#{@path}/*.pem")
27
- assert_equal 2, state.size
28
- end
29
-
30
- describe "#load" do
31
- before { @loaded = Samlr::Tools::CertificateBuilder.load(@path) }
32
-
33
- it "verified the signature signed by the unserialized certificate" do
34
- assert @loaded.verify(@certificate.sign("12345678"), "12345678")
35
- assert @certificate.verify(@loaded.sign("12345678"), "12345678")
36
- end
37
- end
38
- end
39
-
40
- end
41
- end
@@ -1,26 +0,0 @@
1
- require File.expand_path("test/test_helper")
2
-
3
- describe Samlr::Tools::LogoutRequestBuilder do
4
- describe "#build" do
5
- before do
6
- @xml = Samlr::Tools::LogoutRequestBuilder.build(
7
- :issuer => "https://sp.example.com/saml2",
8
- :name_id => "test@test.com"
9
- )
10
-
11
- @doc = Nokogiri::XML(@xml) { |c| c.strict }
12
- end
13
-
14
- it "generates a request document" do
15
- assert_equal "LogoutRequest", @doc.root.name
16
-
17
- issuer = @doc.root.at("./saml:Issuer", Samlr::NS_MAP)
18
- assert_equal "https://sp.example.com/saml2", issuer.text
19
- end
20
-
21
- it "validates against schemas" do
22
- result = Samlr::Tools.validate(:document => @xml)
23
- assert result
24
- end
25
- end
26
- end
@@ -1,26 +0,0 @@
1
- require File.expand_path("test/test_helper")
2
-
3
- describe Samlr::Tools::MetadataBuilder do
4
- describe "#build" do
5
- before do
6
- @xml = Samlr::Tools::MetadataBuilder.build({
7
- :entity_id => "https://sp.example.com/saml2",
8
- :name_identity_format => "identity_format",
9
- :consumer_service_url => "https://support.sp.example.com/"
10
- })
11
-
12
- @doc = Nokogiri::XML(@xml) { |c| c.strict }
13
- end
14
-
15
- it "generates a metadata document" do
16
- assert_equal "EntityDescriptor", @doc.root.name
17
- assert_equal "identity_format", @doc.at("//md:NameIDFormat", { "md" => Samlr::NS_MAP["md"] }).text
18
- end
19
-
20
- it "validates against schemas" do
21
- result = Samlr::Tools.validate(:document => @xml, :schema => Samlr::META_SCHEMA)
22
- assert result
23
- end
24
-
25
- end
26
- end
@@ -1,35 +0,0 @@
1
- require File.expand_path("test/test_helper")
2
-
3
- describe Samlr::Tools::RequestBuilder do
4
- describe "#build" do
5
- before do
6
- @xml = Samlr::Tools::RequestBuilder.build({
7
- :issuer => "https://sp.example.com/saml2",
8
- :name_identity_format => "identity_format",
9
- :allow_create => "true",
10
- :consumer_service_url => "https://support.sp.example.com/",
11
- :authn_context => "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
12
- })
13
-
14
- @doc = Nokogiri::XML(@xml) { |c| c.strict }
15
- end
16
-
17
- it "generates a request document" do
18
- assert_equal "AuthnRequest", @doc.root.name
19
- assert_equal "https://support.sp.example.com/", @doc.root["AssertionConsumerServiceURL"]
20
-
21
- issuer = @doc.root.at("./saml:Issuer", Samlr::NS_MAP)
22
- assert_equal "https://sp.example.com/saml2", issuer.text
23
-
24
- name_id_policy = @doc.root.at("./samlp:NameIDPolicy", Samlr::NS_MAP)
25
- assert_equal "true", name_id_policy["AllowCreate"]
26
- assert_equal "identity_format", name_id_policy["Format"]
27
- end
28
-
29
- it "validates against schemas" do
30
- result = Samlr::Tools.validate(:document => @xml)
31
- assert result
32
- end
33
-
34
- end
35
- end
@@ -1,19 +0,0 @@
1
- require File.expand_path("test/test_helper")
2
-
3
- describe Samlr::Tools::ResponseBuilder do
4
- before { @certificate = TEST_CERTIFICATE }
5
-
6
- describe "#fixture" do
7
- subject { saml_response_document(:certificate => @certificate) }
8
-
9
- it "generates a fully valid response document" do
10
- response = Samlr::Response.new(subject, :certificate => @certificate.x509)
11
- assert response.verify!
12
- end
13
-
14
- it "validates against schemas" do
15
- result = Samlr::Tools.validate(:document => subject)
16
- assert result
17
- end
18
- end
19
- end