From 571bf42d3191a0b0f4003785f85e13e61a74e4c5 Mon Sep 17 00:00:00 2001
From: Marko Wallin
Date: Tue, 1 Oct 2019 22:31:59 +0300
Subject: [PATCH] Fix #355 missing parts: tests. Note: self = this is needed and tests fail if using arrow function as suggested in the PR review.
---
 lib/passport-saml/saml.js | 9 +++++----
 .../acme_tools_com_without_header_and_footer.cert | 15 +++++++++++++++
 test/tests.js | 10 ++++++++++
 3 files changed, 30 insertions(+), 4 deletions(-)
 create mode 100644 test/static/acme_tools_com_without_header_and_footer.cert
diff --git a/lib/passport-saml/saml.js b/lib/passport-saml/saml.js
index 8aa77c65..27434348 100644
--- a/lib/passport-saml/saml.js
+++ b/lib/passport-saml/saml.js
@@ -803,6 +803,7 @@ function processValidlySignedSamlLogout(self, doc, callback) {
 }
 SAML.prototype.hasValidSignatureForRedirect = function (container, originalQuery) {
+ var self = this;
 var tokens = originalQuery.split('&');
 var getParam = function (key) {
 var exists = tokens.filter(function(t) { return new RegExp(key).test(t); });
@@ -821,7 +822,7 @@ SAML.prototype.hasValidSignatureForRedirect = function (container, originalQuery
 return this.certsToCheck()
 .then(function(certs) {
 var hasValidQuerySignature = certs.some(function (cert) {
- return validateSignatureForRedirect(
+ return self.validateSignatureForRedirect(
 urlString, container.Signature, container.SigAlg, cert
 );
 });
@@ -835,7 +836,7 @@ SAML.prototype.hasValidSignatureForRedirect = function (container, originalQuery
 }
 };
-function validateSignatureForRedirect (urlString, signature, alg, cert) {
+SAML.prototype.validateSignatureForRedirect = function (urlString, signature, alg, cert) {
 // See if we support a matching algorithm, case-insensitive. Otherwise, throw error.
 function hasMatch (ourAlgo) {
 // The incoming algorithm is forwarded as a URL.
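Review bot: In the first saml.js hunk (`hasValidSignatureForRedirect`), `getParam` picks query tokens with an unanchored `new RegExp(key).test(t)`, so a token whose name or value merely contains the key text is treated as that parameter. Since these tokens feed the string whose signature is checked, the filter should match the exact parameter name instead, for example `return t.indexOf(key + '=') === 0;`. How `exists` is consumed is outside the hunk, so confirm this against the rest of the function.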
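Review bot: In the third saml.js hunk, `validateSignatureForRedirect` moves onto `SAML.prototype` with no doc comment, so it becomes callable by library users without a stated contract. I would add a JSDoc block above it covering three things: `alg` is the `SigAlg` value taken from the request, an unsupported algorithm throws (as the existing inline comment says), and the method must be called on a SAML instance because it now uses `this.certToPEM`. The function body continues outside this hunk, so the wording should be checked against the algorithm-matching code that is not shown.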
@@ -855,8 +856,8 @@ function validateSignatureForRedirect (urlString, signature, alg, cert) {
 var verifier = crypto.createVerify(matchingAlgo);
 verifier.update(urlString);
- return verifier.verify(cert, signature, 'base64');
-}
+ return verifier.verify(this.certToPEM(cert), signature, 'base64');
+};
 SAML.prototype.verifyLogoutRequest = function (doc) {
 this.verifyIssuer(doc.LogoutRequest);
diff --git a/test/static/acme_tools_com_without_header_and_footer.cert b/test/static/acme_tools_com_without_header_and_footer.cert
new file mode 100644
index 00000000..1046b270
--- /dev/null
+++ b/test/static/acme_tools_com_without_header_and_footer.cert
@@ -0,0 +1,15 @@
+MIICrjCCAZYCCQDWybyUsLVkXzANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDFA5h
+Y21lX3Rvb2xzLmNvbTAeFw0xNTA4MTgwODQ3MzZaFw0yNTA4MTcwODQ3MzZaMBkx
+FzAVBgNVBAMUDmFjbWVfdG9vbHMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAlyT+OzEymhaZFNfx4+HFxZbBP3egvcUgPvGa7wWCV7vyuCauLBqw
+O1FQqzaRDxkEihkHqmUz63D25v2QixLxXyqaFQ8TxDFKwYATtSL7x5G2Gww56H0L
+1XGgYdNW1akPx90P+USmVn1Wb//7AwU+TV+u4jIgKZyTaIFWdFlwBhlp4OBEHCyY
+wngFgMyVoCBsSmwb4if7Mi5T746J9ZMQpC+ts+kfzley59Nz55pa5fRLwu4qxFUv
+2oRdXAf2ZLuxB7DPQbRH82/ewZZ8N4BUGiQyAwOsHgp0sb9JJ8uEM/qhyS1dXXxj
+o+kxsI5HXhxp4P5R9VADuOquaLIo8ptIrQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
+AQBW/Y7leJnV76+6bzeqqi+buTLyWc1mASi5LVH68mdailg2WmGfKlSMLGzFkNtg
+8fJnfaRZ/GtxmSxhpQRHn63ZlyzqVrFcJa0qzPG21PXPHG/ny8pN+BV8fk74CIb/
++YN7NvDUrV7jlsPxNT2rQk8G2fM7jsTMYvtz0MBkrZZsUzTv4rZkF/v44J/ACDir
+KJiE+TYArm70yQPweX6RvYHNZLSzgg4o+hoyBXo5BGQetAjmcIhC6ZOwN3iVhGjp
+0YpWM0pkqStPy3sIR0//LZbskWWlSRb0fX1c4632Xb+zikfec4DniYV6CxkB2U+p
+lHpOX1rt1R+UiTEIhTSXPNt/
diff --git a/test/tests.js b/test/tests.js
index 5d604293..078b43d7 100644
--- a/test/tests.js
+++ b/test/tests.js
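Review bot: `this.certToPEM(cert)` now runs on every configured certificate, but its definition is not part of this diff, so please confirm it returns an already PEM-wrapped certificate unchanged; otherwise configurations that supply full PEM would stop validating. `verifier.verify` can also throw on key material it cannot parse, and inside `certs.some` (second hunk) that would abort the check of the remaining certificates rather than skip the bad entry. Whether the surrounding promise chain handles that is outside the hunk. A short comment on the verify line, such as `// certToPEM accepts a bare base64 body or full PEM`, would record the intent.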
@@ -2332,6 +2332,16 @@ describe( 'passport-saml /', function() {
 }
 });
 });
+
+ it('accepts cert without header and footer line', function(done) {
+ samlObj.options.cert = fs.readFileSync(__dirname + '/static/acme_tools_com_without_header_and_footer.cert', 'ascii')
+ samlObj.cacheProvider.save('_79db1e7ad12ca1d63e5b', new Date().toISOString(), function(){});
+ samlObj.validateRedirect(this.request, this.request.originalQuery, function(err, _data, success) {
+ should.not.exist(err);
+ success.should.eql(true);
+ done();
+ });
+ });
 });
 });
 });
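Review bot: The new test covers only the accepting path for a header-less certificate. Because the change touches signature verification, a companion case should assert that a header-less certificate which does not belong to the signer is still rejected, so the normalisation can never make validation more permissive. The test also assigns `samlObj.options.cert` directly; if `samlObj` is shared with later tests (its setup is outside the hunk), the header-less value carries over into them. The `fs.readFileSync(...)` statement is missing its terminator and should end `, 'ascii');`.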