Merge branch 'v2.x' into signed-document-info-refactor

Author: johnnyshields

.github/workflows/test.yml

@@ -26,7 +26,7 @@ jobs:
       fail-fast: false
       matrix:
         os:
-          - ubuntu-20.04
+          - ubuntu-22.04
           - macos-latest
           - windows-latest
         ruby-version:

lib/ruby_saml/xml/decoder.rb

@@ -15,14 +15,14 @@ module Decoder
       #   to prevent a possible DoS attack.
       # @return [String] The plain SAML Message
       def decode_message(message, max_bytesize = nil)
-        return message unless base64_encoded?(message)
-
         max_bytesize ||= DEFAULT_MAX_BYTESIZE
 
         if message.bytesize > max_bytesize # rubocop:disable Style/IfUnlessModifier
           raise ValidationError.new("Encoded SAML Message exceeds #{max_bytesize} bytes, so was rejected")
         end
 
+        return message unless base64_encoded?(message)
+
         message = try_inflate(base64_decode(message))
 
         if message.bytesize > max_bytesize # rubocop:disable Style/IfUnlessModifier

test/response_test.rb

@@ -7,6 +7,7 @@ class RubySamlTest < Minitest::Test
   describe "Response" do
     let(:settings) { RubySaml::Settings.new }
     let(:response) { RubySaml::Response.new(response_document_without_recipient) }
+    let(:response_without_recipient) { OneLogin::RubySaml::Response.new(signed_response_document_without_recipient) }
     let(:response_without_attributes) { RubySaml::Response.new(response_document_without_attributes) }
     let(:response_with_multiple_attribute_statements) { RubySaml::Response.new(fixture(:response_with_multiple_attribute_statements)) }
     let(:response_without_reference_uri) { RubySaml::Response.new(response_document_without_reference_uri) }
@@ -137,8 +138,8 @@ def generate_audience_error(expected, actual)
 
       it "raise when evil attack vector is present, soft = false " do
         @response.soft = false
-
-        assert_raises(RubySaml::ValidationError) do
+        error_msg = "XML load failed: Dangerous XML detected. No Doctype nodes allowed"
+        assert_raises(RubySaml::ValidationError, error_msg) do
           @response.send(:validate_structure)
         end
       end
@@ -245,13 +246,14 @@ def generate_audience_error(expected, actual)
 
         it "raise when encountering a condition that prevents the document from being valid" do
           settings.idp_cert_fingerprint = ruby_saml_cert_fingerprint
-          response.settings = settings
-          response.soft = false
+          response_without_recipient.settings = settings
+          response_without_recipient.soft = false
           error_msg = "Current time is on or after NotOnOrAfter condition"
           assert_raises(RubySaml::ValidationError, error_msg) do
-            response.is_valid?
+            response_without_recipient.is_valid?
           end
-          assert_includes response.errors[0], error_msg
+          assert !response_without_recipient.errors.empty?
+          assert_includes response_without_recipient.errors[0], error_msg
         end
 
         it "raise when encountering a SAML Response with bad formatted" do
@@ -265,7 +267,7 @@ def generate_audience_error(expected, actual)
 
         it "raise when the inResponseTo value does not match the Request ID" do
           settings.soft = false
-          settings.idp_cert_fingerprint = signature_fingerprint_1
+          settings.idp_cert_fingerprint = ruby_saml_cert_fingerprint
           opts = {}
           opts[:settings] = settings
           opts[:matches_request_id] = "invalid_request_id"
@@ -278,7 +280,7 @@ def generate_audience_error(expected, actual)
         end
 
         it "raise when there is no valid audience" do
-          settings.idp_cert_fingerprint = signature_fingerprint_1
+          settings.idp_cert_fingerprint = ruby_saml_cert_fingerprint
           settings.sp_entity_id = 'invalid'
           response_valid_signed.settings = settings
           response_valid_signed.soft = false
@@ -406,10 +408,11 @@ def generate_audience_error(expected, actual)
 
         it "return false when encountering a condition that prevents the document from being valid" do
           settings.idp_cert_fingerprint = ruby_saml_cert_fingerprint
-          response.settings = settings
+          response_without_recipient.settings = settings
           error_msg = "Current time is on or after NotOnOrAfter condition"
-          assert !response.is_valid?
-          assert_includes response.errors[0], error_msg
+          assert !response_without_recipient.is_valid?
+          assert !response_without_recipient.errors.empty?
+          assert_includes response_without_recipient.errors[0], error_msg
         end
 
         it "return false when encountering a SAML Response with bad formatted" do
@@ -423,7 +426,7 @@ def generate_audience_error(expected, actual)
 
         it "return false when the inResponseTo value does not match the Request ID" do
           settings.soft = true
-          settings.idp_cert_fingerprint = signature_fingerprint_1
+          settings.idp_cert_fingerprint = ruby_saml_cert_fingerprint
           opts = {}
           opts[:settings] = settings
           opts[:matches_request_id] = "invalid_request_id"
@@ -433,7 +436,7 @@ def generate_audience_error(expected, actual)
         end
 
         it "return false when there is no valid audience" do
-          settings.idp_cert_fingerprint = signature_fingerprint_1
+          settings.idp_cert_fingerprint = ruby_saml_cert_fingerprint
           settings.sp_entity_id = 'invalid'
           response_valid_signed.settings = settings
           response_valid_signed.is_valid?

test/responses/signed_response_with_undefined_recipient.xml.base64

@@ -0,0 +1 @@
+PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIElEPSJwZngyZGVmOWE4Yi1jMjNmLWQ2OWQtZDYwOS04NDhlNGI4YmY2MjQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiIgRGVzdGluYXRpb249IntyZWNpcGllbnR9Ij48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4NCiAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+DQogIDxkczpSZWZlcmVuY2UgVVJJPSIjcGZ4MmRlZjlhOGItYzIzZi1kNjlkLWQ2MDktODQ4ZTRiOGJmNjI0Ij48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPjxkczpEaWdlc3RWYWx1ZT4rYU5VZlM0NEgraUROLzFTRi9mTFFJK0RsT0E9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPkFTODFFbWF3LzJNVEI1bVVwVThzOTlDQXROSGpnVkFCVlNjYmtVdFlkU3BuMWVWdGhEY3NWbnFyVUkwSGJvV1g1emtoWHNqMTdnVDkxdkI5a29tOUZjbTJpSWJhU2hGWnVpRlM5dUN6SDI5ZFJSd2V2blFaZjdTT3kzNXVlMGdmQ0sraDhnTmV0V29DZFdvdVRZbGJsVWlLYXk4YXVnYndJZnA5Ukg4TWVFYz08L2RzOlNpZ25hdHVyZVZhbHVlPg0KPGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQ0d6Q0NBWVFDQ1FDTk5jUVhvbTMyVkRBTkJna3Foa2lHOXcwQkFRVUZBREJTTVFzd0NRWURWUVFHRXdKVlV6RUxNQWtHQTFVRUNCTUNTVTR4RlRBVEJnTlZCQWNUREVsdVpHbGhibUZ3YjJ4cGN6RVJNQThHQTFVRUNoTUlUMjVsVEc5bmFXNHhEREFLQmdOVkJBc1RBMFZ1WnpBZUZ3MHhOREEwTWpNeE9EUXhNREZhRncweE5UQTBNak14T0RReE1ERmFNRkl4Q3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSUV3SkpUakVWTUJNR0ExVUVCeE1NU1c1a2FXRnVZWEJ2Ykdsek1SRXdEd1lEVlFRS0V3aFBibVZNYjJkcGJqRU1NQW9HQTFVRUN4TURSVzVuTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEbzZtK1FadllRL3hMMEVsTGd1cEsxUURjWUw0ZjVQY2t3c05nUzlwVXZWN2Z6VHFDSGs4VGhMeFRrNDJNUTJNY0pzT2VVSlZQNzI4S2h5bWpGQ3F4Z1A0VnV3Ums5cnBBbDArbWh5Nk1QZHlqeUE2RzE0anJEV1M2NXlzTGNoSzR0L3Z3cEVEejBTUWxFb0cxa016bGxTbTd6WlMzWHJlZ0E3RGpOYVVZUXF3SURBUUFCTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUxNMnZHQ2lRL3ZtK2E2djQwK1ZYMnpkcUhBMlEvMXZGMWliUXpKNTRNSkNPVld2cyt2UVhmWkZoZG0wT1BNMklyRFU3b3F2S1BxUDZ4T0FlSks2SDB5UDdNNFlMM2ZhdFN2SVltbWZ5WEM5a3QzU3Z6L055ckh6UGhVbkoweWUvc1VTWHhuelF4d2NtLzlQd0FxclFhQTNRcFFrSDU3eWJGL09vcnlQZSsyaDwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPg0KICA8c2FtbHA6U3RhdHVzPg0KICAgIDxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgVmVyc2lvbj0iMi4wIiBJRD0icGZ4YTQ2NTc0ZGYtYjNiMC1hMDZhLTIzYzgtNjM2NDEzMTk4NzcyIiBJc3N1ZUluc3RhbnQ9IjIwMTAtMTEtMThUMjE6NTc6MzdaIj4NCjxzYW1sOklzc3Vlcj5odHRwczovL2FwcC5vbmVsb2dpbi5jb20vc2FtbC9tZXRhZGF0YS8xMzU5MDwvc2FtbDpJc3N1ZXI+DQogICAgPHNhbWw6U3ViamVjdD4NCiAgICAgIDxzYW1sOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c3VwcG9ydEBvbmVsb2dpbi5jb208L3NhbWw6TmFtZUlEPg0KICAgICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPg0KICAgICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMTAtMTEtMThUMjI6MDI6MzdaIiBSZWNpcGllbnQ9IntyZWNpcGllbnR9Ii8+PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+DQogICAgPC9zYW1sOlN1YmplY3Q+DQogICAgPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTAtMTEtMThUMjE6NTI6MzdaIiBOb3RPbk9yQWZ0ZXI9IjIwMTAtMTEtMThUMjI6MDI6MzdaIj4NCiAgICAgIDxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgICAgIDxzYW1sOkF1ZGllbmNlPnthdWRpZW5jZX08L3NhbWw6QXVkaWVuY2U+DQogICAgICA8L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICA8L3NhbWw6Q29uZGl0aW9ucz4NCiAgICA8c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTAtMTEtMThUMjE6NTc6MzdaIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDEwLTExLTE5VDIxOjU3OjM3WiIgU2Vzc2lvbkluZGV4PSJfNTMxYzMyZDI4M2JkZmY3ZTA0ZTQ4N2JjZGJjNGRkOGQiPg0KICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Pg0KPHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+DQogICAgICA8L3NhbWw6QXV0aG5Db250ZXh0Pg0KICAgIDwvc2FtbDpBdXRoblN0YXRlbWVudD4NCiAgICA8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5kZW1vPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPg0KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJhbm90aGVyX3ZhbHVlIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj52YWx1ZTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+

test/responses/valid_response.xml.base64

@@ -1 +1 @@
-pVdbk6LIEn4/EfsfDOfRsCkughrdvacEtVFRadBWX05AUQjKTQoF/fVb4mW6e3pmZ/c8aWZlfvllZl2Sxz+LMKgccEr8OHqqsg+g+ufzH/95JFYYJO1XTJI4IrhCjSLSPiufqvs0ascW8Uk7skJM2hlqG1AbtbkH0LYIwWlGoarvXJJf+yRpnMUoDqoVVXmqJm5hoyYnWq5Txy0X1x3etetOUxLqSJAAQDx2AWpWK/MbZ4pBXQnZYzUimRVlVAVYoQ7EOhBMwLU5rg24VbWiYJL5kZWVXl6WJW2GsZLkIdw71kMUM4TEDKLp7kNMAaNb8mb8VP2fiwSLF2xQlzClA1gO15Fl4brU5Gxks7xt883qc1m2dsklfT5HINcQcYSDeO1HDygOmbMR98i8t310SNvw15TcPr1V2yF3lnmeP+T8Q5yuGQ4AwIAWQ20c4q+/VWm3KpWbP3bUyI1LONmK4shHVuCfypQ1nHmxU4HBOk79zAt/As4yLDiD13GB6ogVom9VpgzxPUhJ8jfhPnBNiVUnnsVeEc94r9jFKY4Qrsxe1afqt99tf5mimVoRceM0JB/Ff8YKRwfanAQ7dXJLjhL8Z4BfVu2R+ZGj4q/pLvw3xbsW7jvI3Ar2+Fk9CSs9IDwcrBSbJ80Dmi0Y/hXVevpTSeC9cam4l/wifto29wZfPHRvOAjj6Eim7C6MLMmo4S47Qlw6hJuNzE36qT5ZG5tpYsZoH+qit3zZnkxjlUoZozJDc2IcXmR9p7CpJwQG2ChTprt/GUM527aWUhBws+N6L3Gjmt3LdiuupUStdLQ1nH7q11TpxStGvCg5LjQMT6yRo/SGD11nq7k5VnQOLughEjud/vokmd2nezrv+NOrjCqH+HhPcNEALcXKrLsgn28sl56UDD9rqir3T7IMl7os6/J4jPRFHPLcXIHjznq787Z+v5WDDtRnPah0DE0nuawvlbmu97v5YD47dUca3PYhO+vKHU02ZkLRM6HZWY/nHYhMpRvsV/3As8NebnNFgk7dVw02L/aepppcIzD7rch6EwpFgcOLHzEhmO9XJ4h7OSjGCgTaRismil5oSs8qdeZHndZTC/kEBxf/pQmDufmOq0q5DsxNd651tDJ2p9A0462xtd56++Wic7D7wUl77eZKXtoPu7k3tcO5ZnNOYm+6mgbjC2ca7fWtEWlq39Ug6MvGrm+oNq/o3XONIBT6Y6jIHV+nqehKLIY1fXVY6kwxAt1gtN4nQ1ZX0HIkuI0p2uZkvDZayewwl9yTuZNftk3TGxXmVuA0ndPQgEzwbDCfSlxz6B3DTU/eFeupMN/nr9tWmsAA1ELvKGpT57g5QrHPCptUeTPExpGMkDcUMuaQJ13lBAw96MZ9dqudgsAIpdPK4BcpXkNJ2Yyt2VLf5aoCddj5nFPnklMHjjTu0Jd9nTmENUs8CKA2X3AnZ/cCOZ1hDz3Wt/XToCFoA3kyfzuQ2kFfuKue54RgMtU4NVVmUrw7DKe7qVhMIB4MxRdwnEqasBzxrpUZB3UZhu5xIbe2GW8cTsz4mL6cpt4sGoAjZsjMWBTRSS9yFDKtaQ53qW5BXk/07UtDOto9ZhKnxymucV55LD5v9LvychSY94fkwzF6vo4CRkZF8lGSYwdXynP26xeelNZtY48QJqS8GX8EbcPb7HB9/4qfvX8ss9BGBvJwaFXvtv7fG9f9cj5A+Ifh4TJ3tBqsaAOXrwsNXqyzwBXrSHStestxGhyPWaHVRL81afwfc0ApGHt7g1F2lca0nqpS6dE3xMp+Xmj2gS01vlN3S9M2TdkPoOOk56I/Z/QV+O/7+NfIF/iPkeU4cv0zxrkbl8fq1x1GYdvGVorT6s+BzjutMo6zSTRJoZvh9Fw9HryrnnSZ014x8hMfn8ub3v7eN81XyJ+WrhSoheOfl8k5agfTquCyYez3kOw15G/Quu3SveOfH086HWapjy7hP6zcG07iENOCP+DCCpMAlz23rkZXxnefT/IHdOZTOvd4mRedTxAOaYEqpfg3E7BBdwJF+Em2jS9M1cjBBZ1/WdFtSMC1EeDZBgCSBfhGw3GxJdo8EkRUfU+KUs1wkX2hkgP6hUAHkOdffkSgNjrbUfWU/uRx6kzpNwLtLHbKcSqJ0+xesC/Av1j7oLsX7a69XT33m+k2/D//BQ==
+pVdbd6LKEn4/a+3/4HIeswjNXV1J9mlBDSoqQY3m5awGGkG5SaOgv363eJkkk5k9e58nreqqr76q6kvx8GcZhbU9zkiQxI917h7U/3z64z8PBEVh2nrBJE1igmvUKCatk/KxvsviVoJIQFoxijBp5U7Lgsawxd+DFiIEZzmFqr9zSX/tk2ZJnjhJWK/p2mM99UpXQZyA5QYjKU2ZQZwoMQpny4zckOWG4ng2Bo16bX7lTDGoKyE7rMckR3FOVYATGSAzQJwCvsXzLcC/1WsaJnkQo7zy8vM8bbEsStP7aOei+zhhCUlYh6a7izAFjK/JT5PH+v88R0SCaANGwZ7NAI7HjIMQZpQGbzs2J9i20Kg/VWVrVVyyp1MEcgmRxDhMVkF87yQRezLiH9j3tg8uaVnBipLbZddqu+TGsiiK+0K4T7IVywMAWNBkqY1LgtW3Ou1WrXb1x64ee0kFp6I4iQMHhcGxStnAuZ+4NRiukizI/egn4BzLgRM4g0uHcTgx/lZnqxDfg1QkfxPuA9eMIIb4iLsgnvBesIczHDu4NnvRH+vffrf9VYrTDMXES7KIfBT/GSsc72lzUuwy5JocJfjPAL+s2gP7I0ctWNFd+G+Kdyncd5A5Cnf4yTSCbKGRRTcT7J22Edb93kxZEeF5AR4rAu+NK8Wt5Gfx07a5NfjsMXcLCGab2WHeD0cjLd8tem3be5baqTDmhyNV6q4jfqBvdSk6mJOyLePpXbnDLDviouex7/fWLihJrBZjGzXjgemvUbOBZmFmBX3LM+3xejvaimXHBfpLNN3Y3sEB3mD7miwSXV7aeRjMmwobHtN096pk8Hki2sHsyAf5myKsZcnxxjbXSWy1OzIeb+m840+vMqoc4MMtwYUEmhrK0U1QTzeWR09Kjp8MXVd7R1WFS1NVTXU0csxFEgn8XIOj9mqz9TdBr1mANjRnXai1LcMkhWoutblp9jpFfz47doYG3PQgN+uobUO1ZmLZncJpezWat6Ez1Trh7q0X+nbULWy+TJ1j58WAjbO9b+hTXgqnvWaMXsVS0+Dg7EemEMx3b0eIuwUoRxoExtoox5pZGloXVbrpR53R1Uv1CPtn/+UUhvPpO6465dqfrjtzo21UsdulYViv0ga9dnfLRXtv98Kj8dIptKKyH3QKf2JHc8Pm3dRedwwDJmfONNrLqxQbes8zIOip1rZn6bagmZ1TjSAUeyOoqe3ApKmYWiJHd+bbfmmy5RB0wuFqlw44U3OWQ9GTJs6mIKOV1Uxn+7niHadb9XnTmPrDcroRecPkDadPxnjWn08UvjHwD9G6q27L1USc74qXTTNLYQjuIv8gGxP3sD5AuceJ60x7tWTpQIaOPxBzdl+kHe0ILDPsJD1uYxzD0IqU45slLDK8goq2HqHZ0twWugZN2P6cU/ucUxsODX7fUwOT3Ud3SN6L4G6+4I/u9hnyJsvtu1xgm8e+JBp9dTx/3ZO7vbnw3rq+G4HxxOD1TJspyXY/mGwncjmGuD+Qn8Fhohjicih4KLf2+jKKvMNCbW5ywdof2dEhez5O/FncBwfMkpm1KOOjWRZOxDYnBdxmJoKCmZqbZ0k52F12nGSHCb7j/epYfN7oN+X5KLDvD8mHY/R0GQWsnIrko6QmLq5V5+zXLzyprFvWznEwIdXN+CNoC15nh8v7V/7s/ePYhTG0HB9HqH6zDf7emAmq+cDBPwwP57mjKXGyDTyBESVBZjjgyYwje4hpuq7EC5gTmw3ntyaN/2MOqARrZ6+xk1+kEa2nrtW69A1B+c8Lzd1zlSZwGa8ybdGUgxC6bnYq+lNOX4H/vo9/iXyG/xhZTWIvOGGcunF+rH7dYSdq2RhlOKv/HOi002qjJB/H4wx6Oc5O1RPAu+op5zntBTtBGuBTebPr39um+Qr509KFArVwg9MyOUVtY1oVXDWM+x6Su4T8DVrXXbpzg9PjSafDPAucc/gPK7eGkyTCtOD3uERRGuKq5+hidGF88/kkf0BnP6Vzi5f78ekE4YgWqFaJfzMBW3QnUISfZCt9YarHLi7p/MvJnqQAz3aAwEkAKAgIkuR6GMm24IiyU39PilLNcZl/oVJD+oVAB5CnX35EOC3nZEfVE/pTJJk7od8ItLPYrcapNMnyW8G+AP9i7YPuVrSb9nr13G6m6/D/9Bc=

test/test_helper.rb

@@ -151,6 +151,10 @@ def response_document_without_recipient
     @response_document_without_recipient ||= read_response("response_with_undefined_recipient.xml.base64")
   end
 
+  def signed_response_document_without_recipient
+    @signed_response_document_without_recipient ||= read_response("signed_response_with_undefined_recipient.xml.base64")
+  end
+
   def response_document_without_recipient_with_time_updated
     doc = Base64.decode64(response_document_without_recipient)
     doc.gsub!(/NotBefore="(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})Z"/, "NotBefore=\"#{(Time.now-300).getutc.strftime("%Y-%m-%dT%XZ")}\"")