Handle case of missing InResponseTo when validation is on

node-saml · Sep 25, 2018 · e483496 · e483496
1 parent f7aab5c
commit e483496
Show file tree

Hide file tree

Showing 3 changed files with 97 additions and 0 deletions.
diff --git a/docs/xml-signing-example.js b/docs/xml-signing-example.js
@@ -0,0 +1,41 @@
+// This will help generate signing info for test cases.
+// Simply fill in the data and run it to get <DigestValue /> and <SignatureValue />.
+
+const crypto = require('crypto')
+
+const private_key = `-----BEGIN PRIVATE KEY-----
+
+-----END PRIVATE KEY-----
+`
+
+const cert = `-----BEGIN CERTIFICATE-----
+
+-----END CERTIFICATE-----
+`
+
+const saml_message = ``
+
+const signed_info = `<SignedInfo...</SignedInfo>`
+
+const signer = crypto.createSign('RSA-SHA1');
+signer.update(signed_info);
+signer.end();
+
+const signature = signer.sign(private_key)
+const signature_b64 = signature.toString('base64')
+
+const verifier = crypto.createVerify('RSA-SHA1')
+verifier.update(signed_info)
+verifier.end()
+
+const verified = verifier.verify(cert, signature)
+
+const hash = crypto.createHash('RSA-SHA1')
+hash.update(saml_message, 'utf8')
+const digest_b64 = hash.digest('base64')
+
+console.log(JSON.stringify({
+	signature: signature_b64,
+	digest: digest_b64,
+	verified: verified,
+}, null, 2))
diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js
@@ -584,6 +584,8 @@ SAML.prototype.validatePostResponse = function (container, callback) {
               throw new Error('InResponseTo is not valid');
             return Q();
           });
+      } else {
+        throw new Error('InResponseTo is missing from response');
       }
     } else {
       return Q();

diff --git a/test/tests.js b/test/tests.js