fix tests

Author: johnnyshields

lib/ruby_saml/response.rb

@@ -800,7 +800,7 @@ def doc_to_validate
       # If the response contains the signature, and the assertion was encrypted, validate the original SAML Response
       # otherwise, review if the decrypted assertion contains a signature
       subject_id = RubySaml::XML::SignedDocumentValidator.subject_id(document)
-      return nil unless subject_id
+      return decrypted_document unless subject_id
 
       sig_elements = document.xpath(
         "/p:Response[@ID=$id]/ds:Signature",
@@ -858,7 +858,7 @@ def validate_signature
           fingerprint_alg: settings.idp_cert_fingerprint_algorithm
         }
 
-        if fingerprint && RubySaml::XML::SignedDocumentValidator.validate_document(doc, fingerprint, @errors, soft: @soft, **opts)
+        if fingerprint && RubySaml::XML::SignedDocumentValidator.validate_document(doc, fingerprint, @errors, soft: @soft, **opts).is_a?(TrueClass) # TODO: DANGEROUS
           if settings.security[:check_idp_cert_expiration] && RubySaml::Utils.is_cert_expired(idp_cert)
             return append_error("IdP x509 certificate expired")
           end
@@ -869,7 +869,7 @@ def validate_signature
         valid = false
         expired = false
         idp_certs[:signing].each do |idp_cert|
-          valid = RubySaml::XML::SignedDocumentValidator.validate_document_with_cert(doc, idp_cert, @errors, soft: @soft)
+          valid = RubySaml::XML::SignedDocumentValidator.validate_document_with_cert(doc, idp_cert, @errors, soft: @soft).is_a?(TrueClass) # TODO: DANGEROUS
           next unless valid
 
           if settings.security[:check_idp_cert_expiration] && RubySaml::Utils.is_cert_expired(idp_cert)
@@ -911,29 +911,27 @@ def cached_signed_assertion
       empty_doc = Nokogiri::XML::Document.new
 
       xml = doc_to_validate
-      dup = doc_to_validate.to_s.dup
       return empty_doc if xml.nil?
 
-      xml = RubySaml::XML::SignedDocumentValidator.subject_node(xml)
+      subject = RubySaml::XML::SignedDocumentValidator.subject_node(xml)
       return empty_doc if xml.nil? # when no signature/reference is found, return empty document
 
-      root = xml.document.root
-      subject_id = RubySaml::XML::SignedDocumentValidator.subject_id(dup)
+      subject_id = RubySaml::XML::SignedDocumentValidator.subject_id(xml)
       return nil unless subject_id
 
-      if root["ID"] != subject_id
+      if subject['ID'] != subject_id
         return empty_doc
       end
 
       assertion = empty_doc
-      if root.name == "Response"
-        if (result = root.at_xpath("a:Assertion", {"a" => RubySaml::XML::NS_ASSERTION}))
+      if subject.name == "Response"
+        if (result = subject.at_xpath("a:Assertion", {"a" => RubySaml::XML::NS_ASSERTION}))
           assertion = result
-        elsif (result = root.at_xpath("a:EncryptedAssertion", {"a" => RubySaml::XML::NS_ASSERTION}))
+        elsif (result = subject.at_xpath("a:EncryptedAssertion", {"a" => RubySaml::XML::NS_ASSERTION}))
           assertion = RubySaml::XML::Decryptor.decrypt_assertion(result, settings&.get_sp_decryption_keys)
         end
-      elsif root.name == "Assertion"
-        assertion = root
+      elsif subject.name == "Assertion"
+        assertion = subject
       end
 
       assertion

lib/ruby_saml/xml/signed_document_info.rb

@@ -18,7 +18,7 @@ def initialize(noko, check_malformed_doc: true)
       end
 
       # Validates the subject_node, which is the signed part of the document
-      def validate_document(idp_cert_fingerprint = true, options = {})
+      def validate_document(idp_cert_fingerprint, options = {})
         # Get certificate from document
         if certificate_object
           # Calculate fingerprint using specified algorithm
@@ -37,7 +37,7 @@ def validate_document(idp_cert_fingerprint = true, options = {})
         elsif options[:cert]
           cert = options[:cert]
         else
-          raise RubySaml::ValidationError.new('Certificate element missing in response (ds:X509Certificate) and no cert provided at settings')
+          raise RubySaml::ValidationError.new('Certificate element missing in response (ds:X509Certificate) and no cert provided in settings')
         end
 
         validate_signature(cert)

lib/ruby_saml/xml/signed_document_validator.rb

@@ -13,7 +13,7 @@ def with_error_handling(errors, soft)
       rescue RubySaml::ValidationError => e
         errors << e.message
         raise e unless soft
-        errors
+        errors # TODO: Return false??
       end
 
       # TODO: [ERRORS-REFACTOR] -- Rather than returning array of error,

test/response_test.rb

@@ -943,7 +943,7 @@ def generate_audience_error(expected, actual)
         response_invalid_x509certificate = RubySaml::Response.new(content)
         response_invalid_x509certificate.settings = settings
         assert !response_invalid_x509certificate.send(:validate_signature)
-        assert_includes response_invalid_x509certificate.errors, "Document Certificate Error: PEM_read_bio_X509: no start line"
+        assert_includes response_invalid_x509certificate.errors, "Document Certificate Error"
         assert_includes response_invalid_x509certificate.errors, "Invalid Signature on SAML Response"
       end