Related to #209. Fix sign_document method: inclusive_namespaces

pitbulk · pitbulk · commit c2e52de12ac9 · 2015-03-24T17:19:57.000+01:00
diff --git a/lib/xml_security.rb b/lib/xml_security.rb
@@ -107,7 +107,6 @@ def uuid
     #</Signature>
     def sign_document(private_key, certificate, signature_method = RSA_SHA1, digest_method = SHA1)
       noko = Nokogiri.parse(self.to_s)
-      canon_doc = noko.canonicalize(canon_algorithm(C14N))
 
       signature_element = REXML::Element.new("ds:Signature").add_namespace('ds', DSIG)
       signed_info_element = signature_element.add_element("ds:SignedInfo")
@@ -120,10 +119,14 @@ def sign_document(private_key, certificate, signature_method = RSA_SHA1, digest_
       # Add Transforms
       transforms_element = reference_element.add_element("ds:Transforms")
       transforms_element.add_element("ds:Transform", {"Algorithm" => ENVELOPED_SIG})
-      transforms_element.add_element("ds:Transform", {"Algorithm" => C14N})
-      transforms_element.add_element("ds:InclusiveNamespaces", {"xmlns" => C14N, "PrefixList" => INC_PREFIX_LIST})
-      
+      #transforms_element.add_element("ds:Transform", {"Algorithm" => C14N})
+      #transforms_element.add_element("ds:InclusiveNamespaces", {"xmlns" => C14N, "PrefixList" => INC_PREFIX_LIST})
+      c14element = transforms_element.add_element("ds:Transform", {"Algorithm" => C14N})
+      c14element.add_element("ec:InclusiveNamespaces", {"xmlns:ec" => C14N, "PrefixList" => INC_PREFIX_LIST})
+
       digest_method_element = reference_element.add_element("ds:DigestMethod", {"Algorithm" => digest_method})
+      inclusive_namespaces = INC_PREFIX_LIST.split(" ")
+      canon_doc = noko.canonicalize(canon_algorithm(C14N), inclusive_namespaces)
       reference_element.add_element("ds:DigestValue").text = compute_digest(canon_doc, algorithm(digest_method_element))
 
       # add SignatureValue
diff --git a/test/response_test.rb b/test/response_test.rb
@@ -379,5 +379,27 @@ class RubySamlTest < Minitest::Test
       end
     end
 
+    describe '#sign_document' do
+      it 'Sign an unsigned SAML Response XML and initiate the SAML object with it' do
+        xml = Base64.decode64(fixture("test_sign.xml"))
+
+        document = XMLSecurity::Document.new(xml)
+
+        formated_cert = OneLogin::RubySaml::Utils.format_cert(ruby_saml_cert_text)
+        cert = OpenSSL::X509::Certificate.new(formated_cert)
+
+        formated_private_key = OneLogin::RubySaml::Utils.format_private_key(ruby_saml_key_text)
+        private_key = OpenSSL::PKey::RSA.new(formated_private_key)
+        document.sign_document(private_key, cert)
+
+        saml_response = OneLogin::RubySaml::Response.new(document.to_s)
+        settings = OneLogin::RubySaml::Settings.new
+        settings.idp_cert = ruby_saml_cert_text
+        saml_response.settings = settings
+        time = Time.parse("2015-03-18T04:50:24Z")
+        Time.stubs(:now).returns(time)
+        saml_response.validate!
+      end
+    end
   end
 end
