Same code as authnrequest, logoutrequest for logoutresponse

SAML-Toolkits · Sep 27, 2018 · b157df0 · b157df0
1 parent 926b149
commit b157df0
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 3 deletions.
diff --git a/lib/onelogin/ruby-saml/slo_logoutresponse.rb b/lib/onelogin/ruby-saml/slo_logoutresponse.rb
@@ -97,6 +97,11 @@ def create_params(settings, request_id = nil, logout_message = nil, params = {})
       # @return [String] The SAMLResponse String.
       #
       def create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil)
+        document = create_xml_document(settings, request_id, logout_message)
+        sign_document(document, settings)
+      end
+
+      def create_xml_document(settings, request_id = nil, logout_message = nil)
         time = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')
 
         response_doc = XMLSecurity::Document.new
@@ -126,14 +131,18 @@ def create_logout_response_xml_doc(settings, request_id = nil, logout_message =
         status_message = status.add_element 'samlp:StatusMessage'
         status_message.text = logout_message
 
+        response_doc
+      end
+
+      def sign_document(document, settings)
         # embed signature
         if settings.security[:logout_responses_signed] && settings.private_key && settings.certificate && settings.security[:embed_sign]
           private_key = settings.get_sp_key
           cert = settings.get_sp_cert
-          response_doc.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method])
+          document.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method])
         end
 
-        response_doc
+        document
       end
 
     end

diff --git a/test/logoutrequest_test.rb b/test/logoutrequest_test.rb
@@ -104,7 +104,7 @@ class RequestTest < Minitest::Test
         settings.private_key = ruby_saml_key_text
       end
 
-      it "doens't sign through create_xml_document" do
+      it "doesn't sign through create_xml_document" do
         unauth_req = OneLogin::RubySaml::Logoutrequest.new
         inflated = unauth_req.create_xml_document(settings).to_s
 
@@ -113,6 +113,22 @@ class RequestTest < Minitest::Test
         refute_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
       end
 
+      it "sign unsigned request" do
+        unauth_req = OneLogin::RubySaml::Logoutrequest.new
+        unauth_req_doc = unauth_req.create_xml_document(settings)
+        inflated = unauth_req_doc.to_s
+
+        refute_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
+        refute_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
+        refute_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
+
+        inflated = unauth_req.sign_document(unauth_req_doc, settings).to_s
+
+        assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
+        assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
+        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
+      end
+
       it "signs through create_logout_request_xml_doc" do
         unauth_req = OneLogin::RubySaml::Logoutrequest.new
         inflated = unauth_req.create_logout_request_xml_doc(settings).to_s

diff --git a/test/slo_logoutresponse_test.rb b/test/slo_logoutresponse_test.rb
@@ -73,6 +73,40 @@ class SloLogoutresponseTest < Minitest::Test
         settings.security[:embed_sign] = true
       end
 
+      it "doesn't sign through create_xml_document" do
+        unauth_res = OneLogin::RubySaml::SloLogoutresponse.new
+        inflated = unauth_res.create_xml_document(settings).to_s
+
+        refute_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
+        refute_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
+        refute_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
+      end
+
+      it "sign unsigned request" do
+        unauth_res = OneLogin::RubySaml::SloLogoutresponse.new
+        unauth_res_doc = unauth_res.create_xml_document(settings)
+        inflated = unauth_res_doc.to_s
+
+        refute_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
+        refute_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
+        refute_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
+
+        inflated = unauth_res.sign_document(unauth_res_doc, settings).to_s
+
+        assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
+        assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
+        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
+      end
+
+      it "signs through create_logout_response_xml_doc" do
+        unauth_res = OneLogin::RubySaml::SloLogoutresponse.new
+        inflated = unauth_res.create_logout_response_xml_doc(settings).to_s
+
+        assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
+        assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
+        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
+      end
+
       it "create a signed logout response" do
         logout_request.settings = settings
         params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, logout_request.id, "Custom Logout Message")