Clean up metadata tests.

Umofomia · Umofomia · commit 44fe9f5d50f0 · 2015-03-19T14:04:13.000-07:00
diff --git a/test/metadata_test.rb b/test/metadata_test.rb
@@ -3,122 +3,105 @@
 class MetadataTest < Minitest::Test
 
   describe 'Metadata' do
-    def setup
-      @settings = OneLogin::RubySaml::Settings.new
-      @settings.issuer = "https://example.com"
-      @settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
-      @settings.assertion_consumer_service_url = "https://foo.example/saml/consume"
-      @settings.security[:authn_requests_signed] = false
-    end
-
-    it "generates Service Provider Metadata with X509Certificate" do
-      @settings.security[:authn_requests_signed] = true
-      @settings.certificate = ruby_saml_cert_text
-
-      xml_text = OneLogin::RubySaml::Metadata.new.generate(@settings)
-
-      # assert xml_text can be parsed into an xml doc
-      xml_doc = REXML::Document.new(xml_text)
-
-      spsso_descriptor = REXML::XPath.first(xml_doc, "//md:SPSSODescriptor")
-      assert_equal "true", spsso_descriptor.attribute("AuthnRequestsSigned").value
+    let(:settings)          { OneLogin::RubySaml::Settings.new }
+    let(:xml_text)          { OneLogin::RubySaml::Metadata.new.generate(settings) }
+    let(:xml_doc)           { REXML::Document.new(xml_text) }
+    let(:spsso_descriptor)  { REXML::XPath.first(xml_doc, "//md:SPSSODescriptor") }
+    let(:acs)               { REXML::XPath.first(xml_doc, "//md:AssertionConsumerService") }
 
-      cert_node = REXML::XPath.first(xml_doc, "//md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", {
-        "md" => "urn:oasis:names:tc:SAML:2.0:metadata",
-        "ds" => "http://www.w3.org/2000/09/xmldsig#"
-      })
-      cert_text = cert_node.text
-      cert = OpenSSL::X509::Certificate.new(Base64.decode64(cert_text))
-      assert_equal ruby_saml_cert.to_der, cert.to_der
-    end
-
-    it "generates Service Provider Metadata" do
-      settings = OneLogin::RubySaml::Settings.new
+    before do
       settings.issuer = "https://example.com"
       settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
       settings.assertion_consumer_service_url = "https://foo.example/saml/consume"
-      settings.security[:authn_requests_signed] = false
-
-      xml_text = OneLogin::RubySaml::Metadata.new.generate(settings)
+    end
 
+    it "generates Service Provider Metadata" do
       # assert correct xml declaration
       start = "<?xml version='1.0' encoding='UTF-8'?>\n<md:EntityDescriptor"
       assert xml_text[0..start.length-1] == start
 
-      # assert xml_text can be parsed into an xml doc
-      xml_doc = REXML::Document.new(xml_text)
-
       assert_equal "https://example.com", REXML::XPath.first(xml_doc, "//md:EntityDescriptor").attribute("entityID").value
 
-      spsso_descriptor = REXML::XPath.first(xml_doc, "//md:SPSSODescriptor")
       assert_equal "urn:oasis:names:tc:SAML:2.0:protocol", spsso_descriptor.attribute("protocolSupportEnumeration").value
       assert_equal "false", spsso_descriptor.attribute("AuthnRequestsSigned").value
       assert_equal "false", spsso_descriptor.attribute("WantAssertionsSigned").value
 
       assert_equal "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", REXML::XPath.first(xml_doc, "//md:NameIDFormat").text.strip
 
-      acs = REXML::XPath.first(xml_doc, "//md:AssertionConsumerService")
       assert_equal "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", acs.attribute("Binding").value
       assert_equal "https://foo.example/saml/consume", acs.attribute("Location").value
     end
 
-    it "generates attribute service if configured" do
-      settings = OneLogin::RubySaml::Settings.new
-      settings.issuer = "https://example.com"
-      settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
-      settings.assertion_consumer_service_url = "https://foo.example/saml/consume"
-      settings.attribute_consuming_service.configure do
-        service_name "Test Service"
-        add_attribute(:name => "Name", :name_format => "Name Format", :friendly_name => "Friendly Name", :attribute_value => "Attribute Value")
+    describe "when auth requests are signed" do
+      let(:cert_node) do
+        REXML::XPath.first(
+          xml_doc,
+          "//md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
+          "md" => "urn:oasis:names:tc:SAML:2.0:metadata",
+          "ds" => "http://www.w3.org/2000/09/xmldsig#"
+        )
+      end
+      let(:cert)  { OpenSSL::X509::Certificate.new(Base64.decode64(cert_node.text)) }
+
+      before do
+        settings.security[:authn_requests_signed] = true
+        settings.certificate = ruby_saml_cert_text
+      end
+
+      it "generates Service Provider Metadata with X509Certificate" do
+        assert_equal "true", spsso_descriptor.attribute("AuthnRequestsSigned").value
+        assert_equal ruby_saml_cert.to_der, cert.to_der
       end
+    end
+
+    describe "when attribute service is configured" do
+      let(:attr_svc)  { REXML::XPath.first(xml_doc, "//md:AttributeConsumingService") }
+      let(:req_attr)  { REXML::XPath.first(xml_doc, "//md:RequestedAttribute") }
 
-      xml_text = OneLogin::RubySaml::Metadata.new.generate(settings)
-      xml_doc = REXML::Document.new(xml_text)
-      acs = REXML::XPath.first(xml_doc, "//md:AttributeConsumingService")
-      assert_equal "true", acs.attribute("isDefault").value
-      assert_equal "1", acs.attribute("index").value
-      assert_equal REXML::XPath.first(xml_doc, "//md:ServiceName").text.strip, "Test Service"
-      req_attr = REXML::XPath.first(xml_doc, "//md:RequestedAttribute")
-      assert_equal "Name", req_attr.attribute("Name").value
-      assert_equal "Name Format", req_attr.attribute("NameFormat").value
-      assert_equal "Friendly Name", req_attr.attribute("FriendlyName").value
-      assert_equal "Attribute Value", REXML::XPath.first(xml_doc, "//md:AttributeValue").text.strip
+      before do
+        settings.attribute_consuming_service.configure do
+          service_name "Test Service"
+          add_attribute(:name => "Name", :name_format => "Name Format", :friendly_name => "Friendly Name", :attribute_value => "Attribute Value")
+        end
+      end
+
+      it "generates attribute service" do
+        assert_equal "true", attr_svc.attribute("isDefault").value
+        assert_equal "1", attr_svc.attribute("index").value
+        assert_equal REXML::XPath.first(xml_doc, "//md:ServiceName").text.strip, "Test Service"
+
+        assert_equal "Name", req_attr.attribute("Name").value
+        assert_equal "Name Format", req_attr.attribute("NameFormat").value
+        assert_equal "Friendly Name", req_attr.attribute("FriendlyName").value
+        assert_equal "Attribute Value", REXML::XPath.first(xml_doc, "//md:AttributeValue").text.strip
+      end
     end
 
     describe "when the settings indicate to sign (embedded) the metadata" do
-      it "create a signed metadata" do
-        settings = OneLogin::RubySaml::Settings.new
-        settings.issuer = "https://example.com"
-        settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
-        settings.assertion_consumer_service_url = "https://foo.example/saml/consume"
+      before do
         settings.security[:metadata_signed] = true
         settings.security[:embed_sign] = true
         settings.certificate = ruby_saml_cert_text
         settings.private_key = ruby_saml_key_text
-        xml_text = OneLogin::RubySaml::Metadata.new.generate(settings)
+      end
 
+      it "creates a signed metadata" do
         assert_match %r[<ds:SignatureValue>\s*([a-zA-Z0-9/+=]+)\s*</ds:SignatureValue>]m, xml_text
         assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], xml_text
         assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], xml_text
       end
 
-      it "create a signed metadata with 256 digest and signature methods" do
-        settings = OneLogin::RubySaml::Settings.new
-        settings.issuer = "https://example.com"
-        settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
-        settings.assertion_consumer_service_url = "https://foo.example/saml/consume"
-        settings.security[:metadata_signed] = true
-        settings.security[:embed_sign] = true
-        settings.security[:signature_method] = XMLSecurity::Document::SHA256
-        settings.security[:digest_method] = XMLSecurity::Document::SHA512
-        settings.certificate = ruby_saml_cert_text
-        settings.private_key = ruby_saml_key_text
-
-        xml_text = OneLogin::RubySaml::Metadata.new.generate(settings)
-
-        assert_match %r[<ds:SignatureValue>\s*([a-zA-Z0-9/+=]+)\s*</ds:SignatureValue>]m, xml_text
-        assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'/>], xml_text
-        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'/>], xml_text
+      describe "when digest and signature methods are specified" do
+        before do
+          settings.security[:signature_method] = XMLSecurity::Document::SHA256
+          settings.security[:digest_method] = XMLSecurity::Document::SHA512
+        end
+
+        it "creates a signed metadata with specified digest and signature methods" do
+          assert_match %r[<ds:SignatureValue>\s*([a-zA-Z0-9/+=]+)\s*</ds:SignatureValue>]m, xml_text
+          assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'/>], xml_text
+          assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'/>], xml_text
+        end
       end
     end
   end
