Merge pull request #533 from JDrizzy/master

Check if response is encrypted
SAML-Toolkits · Apr 3, 2020 · 811618d · 811618d
2 parents 0814853 + 33dd34b
commit 811618d
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -579,7 +579,7 @@ Remember to provide it to the Signature builder if you are sending a `GET RelayS
 signature validation process will fail at the Identity Provider.
 
 The Service Provider will sign the request/responses with its private key.
-The Identity Provider will validate the sign of the received request/responses with the public x500 cert of the
+The Identity Provider will validate the sign of the received request/responses with the public x509 cert of the
 Service Provider.
 
 Notice that this toolkit uses 'settings.certificate' and 'settings.private_key' for the sign and decrypt processes.

diff --git a/lib/onelogin/ruby-saml/response.rb b/lib/onelogin/ruby-saml/response.rb
@@ -341,6 +341,17 @@ def allowed_clock_drift
         return options[:allowed_clock_drift].to_f
       end
 
+      # Checks if the SAML Response contains or not an EncryptedAssertion element
+      # @return [Boolean] True if the SAML Response contains an EncryptedAssertion element
+      #
+      def assertion_encrypted?
+        ! REXML::XPath.first(
+          document,
+          "(/p:Response/EncryptedAssertion/)|(/p:Response/a:EncryptedAssertion/)",
+          { "p" => PROTOCOL, "a" => ASSERTION }
+        ).nil?
+      end
+
       private
 
       # Validates the SAML Response (calls several validation methods)
@@ -967,17 +978,6 @@ def decrypt_assertion_from_document(document_copy)
         XMLSecurity::SignedDocument.new(response_node.to_s)
       end
 
-      # Checks if the SAML Response contains or not an EncryptedAssertion element
-      # @return [Boolean] True if the SAML Response contains an EncryptedAssertion element
-      #
-      def assertion_encrypted?
-        ! REXML::XPath.first(
-          document,
-          "(/p:Response/EncryptedAssertion/)|(/p:Response/a:EncryptedAssertion/)",
-          { "p" => PROTOCOL, "a" => ASSERTION }
-        ).nil?
-      end
-
       # Decrypts an EncryptedAssertion element
       # @param encrypted_assertion_node [REXML::Element] The EncryptedAssertion element
       # @return [REXML::Document] The decrypted EncryptedAssertion element