Fix: xpath select for validating signature [Fixes:113] (#114)
mitakuye authored and tngan committed Aug 9, 2017
1 parent c46c73f commit f1d14a6
Showing 2 changed files with 11 additions and 4 deletions.
2 changes: 1 addition & 1 deletion src/libsaml.ts
@@ -472,7 +472,7 @@ const libSaml = () => {
metadataCert = [metadataCert];
}
metadataCert = metadataCert.map(utility.normalizeCerString);
let x509Certificate = select("//*[local-name(.)='X509Certificate']", s)[0].firstChild.data;
let x509Certificate = select(".//*[local-name(.)='X509Certificate']", s)[0].firstChild.data;
x509Certificate = utility.normalizeCerString(x509Certificate);
if (includes(metadataCert, x509Certificate)) {
selectedCert = x509Certificate;
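Review bot: The rewritten lookup still dereferences `select(...)[0].firstChild.data` with no check that a match exists, so a message whose signature element carries no `X509Certificate` (or an empty one) would raise a TypeError here instead of failing verification cleanly. This value is read from the received document before the signature has been verified, so I would guard it: `const certNode = select(".//*[local-name(.)='X509Certificate']", s)[0];` then `if (!certNode || !certNode.firstChild) { /* reject, or fall back to the metadata certificate, whichever the surrounding code intends */ }`. Assuming `s` is the signature node, a short comment such as `// relative to the signature node, so certificates elsewhere in the document are ignored` would also keep the leading `.` from being dropped again. The enclosing function starts and ends outside this hunk, so how a non-matching certificate is handled afterwards is not visible here.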
13 changes: 10 additions & 3 deletions test/flow.ts
@@ -112,6 +112,13 @@ const spWantLogoutReqSign = serviceProvider({ ...defaultSpConfig, wantLogoutRequ
const spWantLogoutResSign = serviceProvider({ ...defaultSpConfig, wantLogoutResponseSigned: true });
const idpWantLogoutResSign = identityProvider({ ...defaultIdpConfig, wantLogoutResponseSigned: true });
const spNoAssertSign = serviceProvider({ ...defaultSpConfig, metadata: spmetaNoAssertSign });
const spNoAssertSignCustomConfig = serviceProvider({ ...defaultSpConfig,
metadata: spmetaNoAssertSign,
signatureConfig: {
prefix: 'ds',
location: { reference: "//*[local-name(.)='EncryptedAssertion']", action: 'after' },
},
});

function writer(str) {
writeFileSync('test.txt', str);
@@ -557,9 +564,9 @@ test('sp sends a post logout response with signature and parse', async t => {
t.is(extract.logoutresponse.destination, 'https://idp.example.org/sso/SingleLogoutService');
});

test('send login response with encrypted non-signed assertion with EncryptThenSign and parse it', async t => {
const { id, context: SAMLResponse } = await idpEncryptThenSign.createLoginResponse(spNoAssertSign, { extract: { authnrequest: { id: 'request_id' } } }, 'post', { email: 'user@esaml2.com' }, undefined, true);
const { samlContent, extract } = await spNoAssertSign.parseLoginResponse(idpEncryptThenSign, 'post', { body: { SAMLResponse } });
test('send login response with encrypted non-signed assertion with EncryptThenSign and parse it', async t => {
const { id, context: SAMLResponse } = await idpEncryptThenSign.createLoginResponse(spNoAssertSignCustomConfig, { extract: { authnrequest: { id: 'request_id' } } }, 'post', { email: 'user@esaml2.com' }, undefined, true);
const { samlContent, extract } = await spNoAssertSignCustomConfig.parseLoginResponse(idpEncryptThenSign, 'post', { body: { SAMLResponse } });
t.is(typeof id, 'string');
t.is(samlContent.startsWith('<samlp:Response'), true);
t.is(samlContent.endsWith('/samlp:Response>'), true);
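Review bot: The existing EncryptThenSign test is repurposed rather than extended: it keeps its title but now runs against `spNoAssertSignCustomConfig`, so the default signature placement with `spNoAssertSign` appears to lose its coverage in this section. I would keep the original test as it was and add a second one named for what it checks, e.g. `test('send login response with encrypted non-signed assertion, EncryptThenSign and custom signature location, and parse it', async t => {`. Because the change under test decides which certificate is compared against the metadata during signature validation, a negative case would help too: a response whose signature carries a certificate that is not in the metadata should presumably make `parseLoginResponse` reject. The test body continues past the end of this hunk.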