Skip to content

Commit

Permalink
Merge pull request #226 from onelogin/phlipper-certificate-format
Browse files Browse the repository at this point in the history 
Related to #176. Ensure IdP certificate is formatted properly
  • Loading branch information
@pitbulk
pitbulk committed May 1, 2015
2 parents 1b4e3dd + 321db17 commit 386f098
Show file tree
Hide file tree
Showing 19 changed files with 389 additions and 89 deletions.
15 changes: 1 addition & 14 deletions lib/onelogin/ruby-saml/response.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -191,7 +191,7 @@ def validate(soft = true)
validate_response_state(soft) &&
validate_conditions(soft) &&
validate_issuer(soft) &&
document.validate_document(get_fingerprint, soft, :fingerprint_alg => settings.idp_cert_fingerprint_algorithm) &&
document.validate_document(settings.get_fingerprint, soft, :fingerprint_alg => settings.idp_cert_fingerprint_algorithm) &&
validate_success_status(soft)
end

Expand Down Expand Up @@ -272,19 +272,6 @@ def xpath_first_from_signed_assertion(subelt=nil)
node
end

# Calculates the fingerprint of the IdP x509 certificate.
# @return [String] The fingerprint
#
def get_fingerprint
if settings.idp_cert
cert = OpenSSL::X509::Certificate.new(settings.idp_cert)
fingerprint_alg = XMLSecurity::BaseDocument.new.algorithm(settings.idp_cert_fingerprint_algorithm).new
fingerprint_alg.hexdigest(cert.to_der).upcase.scan(/../).join(":")
else
settings.idp_cert_fingerprint
end
end

# Validates the Conditions. (If the response was initialized with the :skip_conditions option, this validation is skipped,
# If the response was initialized with the :allowed_clock_drift option, the timing validations are relaxed by the allowed_clock_drift value)
# @param soft [Boolean] soft Enable or Disable the soft mode (In order to raise exceptions when the response is invalid or not)
Expand Down
46 changes: 32 additions & 14 deletions lib/onelogin/ruby-saml/settings.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,26 +98,44 @@ def single_logout_service_binding=(url)
@single_logout_service_binding = url
end

# @return [OpenSSL::X509::Certificate|nil] Build the certificate from the Formatted SP certificate of the settings
# Calculates the fingerprint of the IdP x509 certificate.
# @return [String] The fingerprint
#
def get_sp_cert
cert = nil
if self.certificate
formated_cert = OneLogin::RubySaml::Utils.format_cert(self.certificate)
cert = OpenSSL::X509::Certificate.new(formated_cert)
def get_fingerprint
self.idp_cert_fingerprint || begin
idp_cert = get_idp_cert
if idp_cert
fingerprint_alg = XMLSecurity::BaseDocument.new.algorithm(self.idp_cert_fingerprint_algorithm).new
fingerprint_alg.hexdigest(idp_cert.to_der).upcase.scan(/../).join(":")
end
end
cert
end

# @return [OpenSSL::PKey::RSA] Build the private key from the Formatted SP private key of the settings
# @return [OpenSSL::X509::Certificate|nil] Build the IdP certificate from the settings (previously format it)
#
def get_idp_cert
return nil if idp_cert.nil? || idp_cert.empty?

formated_cert = OneLogin::RubySaml::Utils.format_cert(idp_cert)
OpenSSL::X509::Certificate.new(formated_cert)
end

# @return [OpenSSL::X509::Certificate|nil] Build the SP certificate from the settings (previously format it)
#
def get_sp_cert
return nil if certificate.nil? || certificate.empty?

formated_cert = OneLogin::RubySaml::Utils.format_cert(certificate)
OpenSSL::X509::Certificate.new(formated_cert)
end

# @return [OpenSSL::PKey::RSA] Build the SP private from the settings (previously format it)
#
def get_sp_key
private_key = nil
if self.private_key
formated_private_key = OneLogin::RubySaml::Utils.format_private_key(self.private_key)
private_key = OpenSSL::PKey::RSA.new(formated_private_key)
end
private_key
return nil if private_key.nil? || private_key.empty?

formated_private_key = OneLogin::RubySaml::Utils.format_private_key(private_key)
OpenSSL::PKey::RSA.new(formated_private_key)
end

private
Expand Down
72 changes: 27 additions & 45 deletions lib/onelogin/ruby-saml/utils.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,58 +4,40 @@ module RubySaml
# SAML2 Auxiliary class
#
class Utils

# Return the x509 certificate string formatted
# @param cert [String] The original certificate
# @param heads [Boolean] If true, the formatted certificate will include the
# "BEGIN CERTIFICATE" header and the footer.
# Return a properly formatted x509 certificate
#
# @param cert [String] The original certificate
# @return [String] The formatted certificate
#
def self.format_cert(cert, heads=true)
if cert && !cert.empty?
cert = cert.gsub(/\-{5}\s?(BEGIN|END) CERTIFICATE\s?\-{5}/, "")
cert = cert.gsub(/[\n\r\s]/, "")
cert = cert.scan(/.{1,64}/).join("\n")+"\n"
def self.format_cert(cert)
# don't try to format an encoded certificate or if is empty or nil
return cert if cert.nil? || cert.empty? || cert.match(/\x0d/)

if heads
cert = "-----BEGIN CERTIFICATE-----\n" + cert + "-----END CERTIFICATE-----\n"
end
end
cert
cert = cert.gsub(/\-{5}\s?(BEGIN|END) CERTIFICATE\s?\-{5}/, "")
cert = cert.gsub(/[\n\r\s]/, "")
cert = cert.scan(/.{1,64}/)
cert = cert.join("\n")
"-----BEGIN CERTIFICATE-----\n#{cert}\n-----END CERTIFICATE-----"
end

# Return the private key string formatted
# @param key [String] The original private key
# @param heads [Boolean] If true, the formatted private key will include the
# "BEGIN PRIVATE KEY" or the "BEGIN RSA PRIVATE KEY" header and the footer.
# @return [String] The formatted certificate
# Return a properly formatted private key
#
def self.format_private_key(key, heads=true)
if key && !key.empty?
key = key.delete!("\n\r\x0D")
if key.index('-----BEGIN PRIVATE KEY-----') != nil
key = key.gsub('-----BEGIN PRIVATE KEY-----', '')
key = key.gsub('-----END PRIVATE KEY-----', '')
key = key.gsub(' ', '')

key = key.scan(/.{1,64}/).join("\n")+"\n"
if heads
key = "-----BEGIN PRIVATE KEY-----\n" + key + "-----END PRIVATE KEY-----\n"
end
else
key = key.gsub('-----BEGIN RSA PRIVATE KEY-----', '')
key = key.gsub('-----END RSA PRIVATE KEY-----', '')
key = key.gsub(' ', '')
# @param key [String] The original private key
# @return [String] The formatted private key
#
def self.format_private_key(key)
# don't try to format an encoded private key or if is empty
return key if key.nil? || key.empty? || key.match(/\x0d/)

key = key.scan(/.{1,64}/).join("\n")+"\n"
if heads
key = "-----BEGIN RSA PRIVATE KEY-----\n" + key + "-----END RSA PRIVATE KEY-----\n"
end
end
end
key
# is this an rsa key?
rsa_key = key.match("RSA PRIVATE KEY")
key = key.gsub(/\-{5}\s?(BEGIN|END)( RSA)? PRIVATE KEY\s?\-{5}/, "")
key = key.gsub(/[\n\r\s]/, "")
key = key.scan(/.{1,64}/)
key = key.join("\n")
key_label = rsa_key ? "RSA PRIVATE KEY" : "PRIVATE KEY"
"-----BEGIN #{key_label}-----\n#{key}\n-----END #{key_label}-----"
end

end
end
end
end
14 changes: 14 additions & 0 deletions test/certificates/formatted_certificate
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICPDCCAaWgAwIBAgIIEiC/9HMAWWAwDQYJKoZIhvcNAQEFBQAwTzELMAkGA1UE
BhMCVVMxDDAKBgNVBAoTA2libTEMMAoGA1UECxMDc3NvMSQwIgYDVQQDExtjMjVh
MDI3Ny50b3JvbnRvLmNhLmlibS5jb20wHhcNMTEwNTI0MTYzNTQ4WhcNMjEwNTIx
wsQMPBj4WQTNzTYMCQYDVQQGEwJVUzEMMAoGA1UEChMDaWJtMQwwCgYDVQQLEwNz
c28xJDAiBgNVBAMTG2MyNWEwMjc3LnRvcm9udG8uY2EuaWJtLmNvbTCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAgzfYQZuf5FVdJTcrsIQZ+YHTPjOsw2MGo0jC
mdGMcp4brWeFgk1OVaOmytPx6P76wHWR436AleX3crHBPd8gPxuZdnvBQ7PkrKpw
Vvaq52juenFrho8JY0TeVgVkY5jAh45YzytjP2y2k/cGQurI/56NT0PpQJ0S1G3N
4eTg718CAwEAAaMhMB8wHQYDVR0OBBYEFCYVLJqcJ7WgdzGIsuJ/TzDGDqinMA0G
CSqGSIb3DQEBBQUAA4GBAB80bIePf+qWDvWe+9bEEnbFTw7pCknLexxZ0AMqrsmZ
+4jmI+evP1JZYCjfIg9X+MBH01hfp5dFcetz3o6w6SkV+BxLYLgfcy5KUcYsIM/1
2Zkedj87bS1glzOy5B89pKD2DMbu6828Abzgc+4lyQ2ASifsqM4cZdVayzo8n+dQ
-----END CERTIFICATE-----
12 changes: 12 additions & 0 deletions test/certificates/formatted_private_key
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
-----BEGIN PRIVATE KEY-----
MIIBuwIBAAKBgQDImEj39zKfeh4LbgzPuos/DCnyKZUJzAHX3OSXA1Akl+CA1Ak3
NgRCJ3NOflCGzW+PcLvxrSwH3mHaqQAvDA2fJOySiVtJ9+tm1jrQnL+AAw7JzUht
YzmnRC8wwuN1+TDuKiK1Hzr/4fz2eFZ6+M53YC4eHOkBYA0FdFGRYrH70wIVAJfR
hg3tWWhJvyJBvaZoh3/BP613AoGBAL0KkMDFRc3FXcvdRKNpWbrsU41G32bBlfQR
O1EBe1+ghIasBr7lxEEhdkfthlaF4JiFHyaXuSx5hPKUbo8AO/MfaPJ7SKK2QRS3
B/qlstzIbjmvgYJJuOs4O4x6lYgeU5rb9G5SoOEBvyo46ZxfzdWhAwfZofsrzAhe
3WlOTZkdAoGAGmt0xlYn/0oYZjCxGKStjBA80E5NypAl7UyFj1RhGjIUkiuRcgOL
d3/fC6vKuqsMtLHyb5EGqtHPbqm4re1rw0zDh+qHEFA4N6UW0poc9eNEfosJA2BO
5o8ft9FzKA033pl89mD0CBj05EPadGR7E7QhL5mXuQJpjXJEiyqbce4CFAUFhvCK
GeW2AKaE6oqRqeVwGw4V
-----END PRIVATE KEY-----
12 changes: 12 additions & 0 deletions test/certificates/formatted_rsa_private_key
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBuwIBAAKBgQDImEj39zKfeh4LbgzPuos/DCnyKZUJzAHX3OSXA1Akl+CA1Ak3
NgRCJ3NOflCGzW+PcLvxrSwH3mHaqQAvDA2fJOySiVtJ9+tm1jrQnL+AAw7JzUht
YzmnRC8wwuN1+TDuKiK1Hzr/4fz2eFZ6+M53YC4eHOkBYA0FdFGRYrH70wIVAJfR
hg3tWWhJvyJBvaZoh3/BP613AoGBAL0KkMDFRc3FXcvdRKNpWbrsU41G32bBlfQR
O1EBe1+ghIasBr7lxEEhdkfthlaF4JiFHyaXuSx5hPKUbo8AO/MfaPJ7SKK2QRS3
B/qlstzIbjmvgYJJuOs4O4x6lYgeU5rb9G5SoOEBvyo46ZxfzdWhAwfZofsrzAhe
3WlOTZkdAoGAGmt0xlYn/0oYZjCxGKStjBA80E5NypAl7UyFj1RhGjIUkiuRcgOL
d3/fC6vKuqsMtLHyb5EGqtHPbqm4re1rw0zDh+qHEFA4N6UW0poc9eNEfosJA2BO
5o8ft9FzKA033pl89mD0CBj05EPadGR7E7QhL5mXuQJpjXJEiyqbce4CFAUFhvCK
GeW2AKaE6oqRqeVwGw4V
-----END RSA PRIVATE KEY-----
1 change: 1 addition & 0 deletions test/certificates/invalid_certificate1
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
-----BEGIN CERTIFICATE----- MIICPDCCAaWgAwIBAgIIEiC/9HMAWWAwDQYJKoZIhvcNAQEFBQAwTzELMAkGA1UE BhMCVVMxDDAKBgNVBAoTA2libTEMMAoGA1UECxMDc3NvMSQwIgYDVQQDExtjMjVh MDI3Ny50b3JvbnRvLmNhLmlibS5jb20wHhcNMTEwNTI0MTYzNTQ4WhcNMjEwNTIx wsQMPBj4WQTNzTYMCQYDVQQGEwJVUzEMMAoGA1UEChMDaWJtMQwwCgYDVQQLEwNz c28xJDAiBgNVBAMTG2MyNWEwMjc3LnRvcm9udG8uY2EuaWJtLmNvbTCBnzANBgkq hkiG9w0BAQEFAAOBjQAwgYkCgYEAgzfYQZuf5FVdJTcrsIQZ+YHTPjOsw2MGo0jC mdGMcp4brWeFgk1OVaOmytPx6P76wHWR436AleX3crHBPd8gPxuZdnvBQ7PkrKpw Vvaq52juenFrho8JY0TeVgVkY5jAh45YzytjP2y2k/cGQurI/56NT0PpQJ0S1G3N 4eTg718CAwEAAaMhMB8wHQYDVR0OBBYEFCYVLJqcJ7WgdzGIsuJ/TzDGDqinMA0G CSqGSIb3DQEBBQUAA4GBAB80bIePf+qWDvWe+9bEEnbFTw7pCknLexxZ0AMqrsmZ +4jmI+evP1JZYCjfIg9X+MBH01hfp5dFcetz3o6w6SkV+BxLYLgfcy5KUcYsIM/1 2Zkedj87bS1glzOy5B89pKD2DMbu6828Abzgc+4lyQ2ASifsqM4cZdVayzo8n+dQ -----END CERTIFICATE-----
1 change: 1 addition & 0 deletions test/certificates/invalid_certificate2
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
MIICPDCCAaWgAwIBAgIIEiC/9HMAWWAwDQYJKoZIhvcNAQEFBQAwTzELMAkGA1UEBhMCVVMxDDAKBgNVBAoTA2libTEMMAoGA1UECxMDc3NvMSQwIgYDVQQDExtjMjVhMDI3Ny50b3JvbnRvLmNhLmlibS5jb20wHhcNMTEwNTI0MTYzNTQ4WhcNMjEwNTIxwsQMPBj4WQTNzTYMCQYDVQQGEwJVUzEMMAoGA1UEChMDaWJtMQwwCgYDVQQLEwNzc28xJDAiBgNVBAMTG2MyNWEwMjc3LnRvcm9udG8uY2EuaWJtLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgzfYQZuf5FVdJTcrsIQZ+YHTPjOsw2MGo0jCmdGMcp4brWeFgk1OVaOmytPx6P76wHWR436AleX3crHBPd8gPxuZdnvBQ7PkrKpw Vvaq52juenFrho8JY0TeVgVkY5jAh45YzytjP2y2k/cGQurI/56NT0PpQJ0S1G3N 4eTg718CAwEAAaMhMB8wHQYDVR0OBBYEFCYVLJqcJ7WgdzGIsuJ/TzDGDqinMA0G CSqGSIb3DQEBBQUAA4GBAB80bIePf+qWDvWe+9bEEnbFTw7pCknLexxZ0AMqrsmZ +4jmI+evP1JZYCjfIg9X+MBH01hfp5dFcetz3o6w6SkV+BxLYLgfcy5KUcYsIM/1 2Zkedj87bS1glzOy5B89pKD2DMbu6828Abzgc+4lyQ2ASifsqM4cZdVayzo8n+dQ
12 changes: 12 additions & 0 deletions test/certificates/invalid_certificate3
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
MIICPDCCAaWgAwIBAgIIEiC/9HMAWWAwDQYJKoZIhvcNAQEFBQAwTzELMAkGA1UE
BhMCVVMxDDAKBgNVBAoTA2libTEMMAoGA1UECxMDc3NvMSQwIgYDVQQDExtjMjVh
MDI3Ny50b3JvbnRvLmNhLmlibS5jb20wHhcNMTEwNTI0MTYzNTQ4WhcNMjEwNTIx
wsQMPBj4WQTNzTYMCQYDVQQGEwJVUzEMMAoGA1UEChMDaWJtMQwwCgYDVQQLEwNz
c28xJDAiBgNVBAMTG2MyNWEwMjc3LnRvcm9udG8uY2EuaWJtLmNvbTCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAgzfYQZuf5FVdJTcrsIQZ+YHTPjOsw2MGo0jC
mdGMcp4brWeFgk1OVaOmytPx6P76wHWR436AleX3crHBPd8gPxuZdnvBQ7PkrKpw
Vvaq52juenFrho8JY0TeVgVkY5jAh45YzytjP2y2k/cGQurI/56NT0PpQJ0S1G3N
4eTg718CAwEAAaMhMB8wHQYDVR0OBBYEFCYVLJqcJ7WgdzGIsuJ/TzDGDqinMA0G
CSqGSIb3DQEBBQUAA4GBAB80bIePf+qWDvWe+9bEEnbFTw7pCknLexxZ0AMqrsmZ
+4jmI+evP1JZYCjfIg9X+MBH01hfp5dFcetz3o6w6SkV+BxLYLgfcy5KUcYsIM/1
2Zkedj87bS1glzOy5B89pKD2DMbu6828Abzgc+4lyQ2ASifsqM4cZdVayzo8n+dQ
1 change: 1 addition & 0 deletions test/certificates/invalid_private_key1
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
-----BEGIN PRIVATE KEY----- MIIBuwIBAAKBgQDImEj39zKfeh4LbgzPuos/DCnyKZUJzAHX3OSXA1Akl+CA1Ak3 NgRCJ3NOflCGzW+PcLvxrSwH3mHaqQAvDA2fJOySiVtJ9+tm1jrQnL+AAw7JzUht YzmnRC8wwuN1+TDuKiK1Hzr/4fz2eFZ6+M53YC4eHOkBYA0FdFGRYrH70wIVAJfR hg3tWWhJvyJBvaZoh3/BP613AoGBAL0KkMDFRc3FXcvdRKNpWbrsU41G32bBlfQR O1EBe1+ghIasBr7lxEEhdkfthlaF4JiFHyaXuSx5hPKUbo8AO/MfaPJ7SKK2QRS3 B/qlstzIbjmvgYJJuOs4O4x6lYgeU5rb9G5SoOEBvyo46ZxfzdWhAwfZofsrzAhe 3WlOTZkdAoGAGmt0xlYn/0oYZjCxGKStjBA80E5NypAl7UyFj1RhGjIUkiuRcgOL d3/fC6vKuqsMtLHyb5EGqtHPbqm4re1rw0zDh+qHEFA4N6UW0poc9eNEfosJA2BO 5o8ft9FzKA033pl89mD0CBj05EPadGR7E7QhL5mXuQJpjXJEiyqbce4CFAUFhvCK GeW2AKaE6oqRqeVwGw4V -----END PRIVATE KEY-----
1 change: 1 addition & 0 deletions test/certificates/invalid_private_key2
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
MIIBuwIBAAKBgQDImEj39zKfeh4LbgzPuos/DCnyKZUJzAHX3OSXA1Akl+CA1Ak3NgRCJ3NOflCGzW+PcLvxrSwH3mHaqQAvDA2fJOySiVtJ9+tm1jrQnL+AAw7JzUhtYzmnRC8wwuN1+TDuKiK1Hzr/4fz2eFZ6+M53YC4eHOkBYA0FdFGRYrH70wIVAJfRhg3tWWhJvyJBvaZoh3/BP613AoGBAL0KkMDFRc3FXcvdRKNpWbrsU41G32bBlfQRO1EBe1+ghIasBr7lxEEhdkfthlaF4JiFHyaXuSx5hPKUbo8AO/MfaPJ7SKK2QRS3B/qlstzIbjmvgYJJuOs4O4x6lYgeU5rb9G5SoOEBvyo46ZxfzdWhAwfZofsrzAhe3WlOTZkdAoGAGmt0xlYn/0oYZjCxGKStjBA80E5NypAl7UyFj1RhGjIUkiuRcgOLd3/fC6vKuqsMtLHyb5EGqtHPbqm4re1rw0zDh+qHEFA4N6UW0poc9eNEfosJA2BO5o8ft9FzKA033pl89mD0CBj05EPadGR7E7QhL5mXuQJpjXJEiyqbce4CFAUFhvCKGeW2AKaE6oqRqeVwGw4V
10 changes: 10 additions & 0 deletions test/certificates/invalid_private_key3
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
MIIBuwIBAAKBgQDImEj39zKfeh4LbgzPuos/DCnyKZUJzAHX3OSXA1Akl+CA1Ak3
NgRCJ3NOflCGzW+PcLvxrSwH3mHaqQAvDA2fJOySiVtJ9+tm1jrQnL+AAw7JzUht
YzmnRC8wwuN1+TDuKiK1Hzr/4fz2eFZ6+M53YC4eHOkBYA0FdFGRYrH70wIVAJfR
hg3tWWhJvyJBvaZoh3/BP613AoGBAL0KkMDFRc3FXcvdRKNpWbrsU41G32bBlfQR
O1EBe1+ghIasBr7lxEEhdkfthlaF4JiFHyaXuSx5hPKUbo8AO/MfaPJ7SKK2QRS3
B/qlstzIbjmvgYJJuOs4O4x6lYgeU5rb9G5SoOEBvyo46ZxfzdWhAwfZofsrzAhe
3WlOTZkdAoGAGmt0xlYn/0oYZjCxGKStjBA80E5NypAl7UyFj1RhGjIUkiuRcgOL
d3/fC6vKuqsMtLHyb5EGqtHPbqm4re1rw0zDh+qHEFA4N6UW0poc9eNEfosJA2BO
5o8ft9FzKA033pl89mD0CBj05EPadGR7E7QhL5mXuQJpjXJEiyqbce4CFAUFhvCK
GeW2AKaE6oqRqeVwGw4V
1 change: 1 addition & 0 deletions test/certificates/invalid_rsa_private_key1
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
-----BEGIN RSA PRIVATE KEY----- MIIBuwIBAAKBgQDImEj39zKfeh4LbgzPuos/DCnyKZUJzAHX3OSXA1Akl+CA1Ak3 NgRCJ3NOflCGzW+PcLvxrSwH3mHaqQAvDA2fJOySiVtJ9+tm1jrQnL+AAw7JzUht YzmnRC8wwuN1+TDuKiK1Hzr/4fz2eFZ6+M53YC4eHOkBYA0FdFGRYrH70wIVAJfR hg3tWWhJvyJBvaZoh3/BP613AoGBAL0KkMDFRc3FXcvdRKNpWbrsU41G32bBlfQR O1EBe1+ghIasBr7lxEEhdkfthlaF4JiFHyaXuSx5hPKUbo8AO/MfaPJ7SKK2QRS3 B/qlstzIbjmvgYJJuOs4O4x6lYgeU5rb9G5SoOEBvyo46ZxfzdWhAwfZofsrzAhe 3WlOTZkdAoGAGmt0xlYn/0oYZjCxGKStjBA80E5NypAl7UyFj1RhGjIUkiuRcgOL d3/fC6vKuqsMtLHyb5EGqtHPbqm4re1rw0zDh+qHEFA4N6UW0poc9eNEfosJA2BO 5o8ft9FzKA033pl89mD0CBj05EPadGR7E7QhL5mXuQJpjXJEiyqbce4CFAUFhvCK GeW2AKaE6oqRqeVwGw4V -----END RSA PRIVATE KEY-----
1 change: 1 addition & 0 deletions test/certificates/invalid_rsa_private_key2
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
MIIBuwIBAAKBgQDImEj39zKfeh4LbgzPuos/DCnyKZUJzAHX3OSXA1Akl+CA1Ak3NgRCJ3NOflCGzW+PcLvxrSwH3mHaqQAvDA2fJOySiVtJ9+tm1jrQnL+AAw7JzUhtYzmnRC8wwuN1+TDuKiK1Hzr/4fz2eFZ6+M53YC4eHOkBYA0FdFGRYrH70wIVAJfRhg3tWWhJvyJBvaZoh3/BP613AoGBAL0KkMDFRc3FXcvdRKNpWbrsU41G32bBlfQRO1EBe1+ghIasBr7lxEEhdkfthlaF4JiFHyaXuSx5hPKUbo8AO/MfaPJ7SKK2QRS3B/qlstzIbjmvgYJJuOs4O4x6lYgeU5rb9G5SoOEBvyo46ZxfzdWhAwfZofsrzAhe3WlOTZkdAoGAGmt0xlYn/0oYZjCxGKStjBA80E5NypAl7UyFj1RhGjIUkiuRcgOLd3/fC6vKuqsMtLHyb5EGqtHPbqm4re1rw0zDh+qHEFA4N6UW0poc9eNEfosJA2BO5o8ft9FzKA033pl89mD0CBj05EPadGR7E7QhL5mXuQJpjXJEiyqbce4CFAUFhvCKGeW2AKaE6oqRqeVwGw4V
10 changes: 10 additions & 0 deletions test/certificates/invalid_rsa_private_key3
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
MIIBuwIBAAKBgQDImEj39zKfeh4LbgzPuos/DCnyKZUJzAHX3OSXA1Akl+CA1Ak3
NgRCJ3NOflCGzW+PcLvxrSwH3mHaqQAvDA2fJOySiVtJ9+tm1jrQnL+AAw7JzUht
YzmnRC8wwuN1+TDuKiK1Hzr/4fz2eFZ6+M53YC4eHOkBYA0FdFGRYrH70wIVAJfR
hg3tWWhJvyJBvaZoh3/BP613AoGBAL0KkMDFRc3FXcvdRKNpWbrsU41G32bBlfQR
O1EBe1+ghIasBr7lxEEhdkfthlaF4JiFHyaXuSx5hPKUbo8AO/MfaPJ7SKK2QRS3
B/qlstzIbjmvgYJJuOs4O4x6lYgeU5rb9G5SoOEBvyo46ZxfzdWhAwfZofsrzAhe
3WlOTZkdAoGAGmt0xlYn/0oYZjCxGKStjBA80E5NypAl7UyFj1RhGjIUkiuRcgOL
d3/fC6vKuqsMtLHyb5EGqtHPbqm4re1rw0zDh+qHEFA4N6UW0poc9eNEfosJA2BO
5o8ft9FzKA033pl89mD0CBj05EPadGR7E7QhL5mXuQJpjXJEiyqbce4CFAUFhvCK
GeW2AKaE6oqRqeVwGw4V
12 changes: 12 additions & 0 deletions test/response_test.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,18 @@ class RubySamlTest < Minitest::Test
response.validate!
end
end

it "raise when No fingerprint or certificate on settings" do
response = OneLogin::RubySaml::Response.new(response_document)
settings2 = OneLogin::RubySaml::Settings.new
settings2.idp_cert_fingerprint = nil
settings2.idp_cert = nil
response.settings = settings2
assert_raises(OneLogin::RubySaml::ValidationError, "No fingerprint or certificate on settings") do
response.validate!
end
end

end

describe "#validate_structure" do
Expand Down
Loading

0 comments on commit 386f098

Please sign in to comment.