Fix #355 missing parts: tests.

Note: self = this is needed and tests fail if using arrow function as suggested in the PR review.
node-saml · Oct 1, 2019 · 571bf42 · 571bf42
1 parent da64d88
commit 571bf42
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 4 deletions.
diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js
@@ -803,6 +803,7 @@ function processValidlySignedSamlLogout(self, doc, callback) {
 }
 
 SAML.prototype.hasValidSignatureForRedirect = function (container, originalQuery) {
+  var self = this;
   var tokens = originalQuery.split('&');
   var getParam = function (key) {
     var exists = tokens.filter(function(t) { return new RegExp(key).test(t); });
@@ -821,7 +822,7 @@ SAML.prototype.hasValidSignatureForRedirect = function (container, originalQuery
     return this.certsToCheck()
       .then(function(certs) {
         var hasValidQuerySignature = certs.some(function (cert) {
-          return validateSignatureForRedirect(
+          return self.validateSignatureForRedirect(
             urlString, container.Signature, container.SigAlg, cert
           );
         });
@@ -835,7 +836,7 @@ SAML.prototype.hasValidSignatureForRedirect = function (container, originalQuery
   }
 };
 
-function validateSignatureForRedirect (urlString, signature, alg, cert) {
+SAML.prototype.validateSignatureForRedirect = function (urlString, signature, alg, cert) {
   // See if we support a matching algorithm, case-insensitive. Otherwise, throw error.
   function hasMatch (ourAlgo) {
     // The incoming algorithm is forwarded as a URL.
@@ -855,8 +856,8 @@ function validateSignatureForRedirect (urlString, signature, alg, cert) {
   var verifier = crypto.createVerify(matchingAlgo);
   verifier.update(urlString);
 
-  return verifier.verify(cert, signature, 'base64');
-}
+  return verifier.verify(this.certToPEM(cert), signature, 'base64');
+};
 
 SAML.prototype.verifyLogoutRequest = function (doc) {
   this.verifyIssuer(doc.LogoutRequest);

diff --git a/test/static/acme_tools_com_without_header_and_footer.cert b/test/static/acme_tools_com_without_header_and_footer.cert
@@ -0,0 +1,15 @@
+MIICrjCCAZYCCQDWybyUsLVkXzANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDFA5h
+Y21lX3Rvb2xzLmNvbTAeFw0xNTA4MTgwODQ3MzZaFw0yNTA4MTcwODQ3MzZaMBkx
+FzAVBgNVBAMUDmFjbWVfdG9vbHMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAlyT+OzEymhaZFNfx4+HFxZbBP3egvcUgPvGa7wWCV7vyuCauLBqw
+O1FQqzaRDxkEihkHqmUz63D25v2QixLxXyqaFQ8TxDFKwYATtSL7x5G2Gww56H0L
+1XGgYdNW1akPx90P+USmVn1Wb//7AwU+TV+u4jIgKZyTaIFWdFlwBhlp4OBEHCyY
+wngFgMyVoCBsSmwb4if7Mi5T746J9ZMQpC+ts+kfzley59Nz55pa5fRLwu4qxFUv
+2oRdXAf2ZLuxB7DPQbRH82/ewZZ8N4BUGiQyAwOsHgp0sb9JJ8uEM/qhyS1dXXxj
+o+kxsI5HXhxp4P5R9VADuOquaLIo8ptIrQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
+AQBW/Y7leJnV76+6bzeqqi+buTLyWc1mASi5LVH68mdailg2WmGfKlSMLGzFkNtg
+8fJnfaRZ/GtxmSxhpQRHn63ZlyzqVrFcJa0qzPG21PXPHG/ny8pN+BV8fk74CIb/
++YN7NvDUrV7jlsPxNT2rQk8G2fM7jsTMYvtz0MBkrZZsUzTv4rZkF/v44J/ACDir
+KJiE+TYArm70yQPweX6RvYHNZLSzgg4o+hoyBXo5BGQetAjmcIhC6ZOwN3iVhGjp
+0YpWM0pkqStPy3sIR0//LZbskWWlSRb0fX1c4632Xb+zikfec4DniYV6CxkB2U+p
+lHpOX1rt1R+UiTEIhTSXPNt/
diff --git a/test/tests.js b/test/tests.js
@@ -2332,6 +2332,16 @@ describe( 'passport-saml /', function() {
           }
         });
       });
+
+      it('accepts cert without header and footer line', function(done) {
+        samlObj.options.cert = fs.readFileSync(__dirname + '/static/acme_tools_com_without_header_and_footer.cert', 'ascii')
+        samlObj.cacheProvider.save('_79db1e7ad12ca1d63e5b', new Date().toISOString(), function(){});
+        samlObj.validateRedirect(this.request, this.request.originalQuery, function(err, _data, success) {
+          should.not.exist(err);
+          success.should.eql(true);
+          done();
+        });
+      });
     });
   });
 });