Fix specs

Author: johnnyshields

README.md

@@ -585,8 +585,8 @@ to specify different certificates for each function.
 You may also globally set the SP signature and digest method, to be used in SP signing (functions 1 and 2 above):
 
 ```ruby
-settings.security[:digest_method]    = RubySaml::XML::Document::SHA1
-settings.security[:signature_method] = RubySaml::XML::Document::RSA_SHA1
+settings.security[:digest_method]    = RubySaml::XML::Crypto::SHA1
+settings.security[:signature_method] = RubySaml::XML::Crypto::RSA_SHA1
 ```
 
 #### Signing SP Metadata

lib/ruby_saml/settings.rb

@@ -252,11 +252,13 @@ def get_binding(value)
       # @deprecated Will be removed in v2.1.0
       define_method(old_param) do
         removed_deprecation(old_param, new_value)
+        new_value
       end
 
       # @deprecated Will be removed in v2.1.0
       define_method(:"#{old_param}=") do |_|
         removed_deprecation(old_param, new_value)
+        new_value
       end
     end
 

test/authrequest_test.rb

@@ -36,7 +36,7 @@ class AuthrequestTest < Minitest::Test
       zstream.finish
       zstream.close
 
-      assert_match(/<samlp:AuthnRequest[^<]* Destination='http:\/\/example.com'/, inflated)
+      assert_match(/<samlp:AuthnRequest[^<]* Destination="http:\/\/example\.com"/, inflated)
     end
 
     it "create the SAMLRequest URL parameter without deflating" do
@@ -61,7 +61,7 @@ class AuthrequestTest < Minitest::Test
       zstream.finish
       zstream.close
 
-      assert_match(/<samlp:AuthnRequest[^<]* IsPassive='true'/, inflated)
+      assert_match(/<samlp:AuthnRequest[^<]* IsPassive="true"/, inflated)
     end
 
     it "create the SAMLRequest URL parameter with ProtocolBinding" do
@@ -76,7 +76,7 @@ class AuthrequestTest < Minitest::Test
       zstream.finish
       zstream.close
 
-      assert_match(/<samlp:AuthnRequest[^<]* ProtocolBinding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'/, inflated)
+      assert_match(/<samlp:AuthnRequest[^<]* ProtocolBinding="urn:oasis:names:tc:SAML:2\.0:bindings:HTTP-POST"/, inflated)
     end
 
     it "create the SAMLRequest URL parameter with AttributeConsumingServiceIndex" do
@@ -90,7 +90,7 @@ class AuthrequestTest < Minitest::Test
       inflated = zstream.inflate(decoded)
       zstream.finish
       zstream.close
-      assert_match(/<samlp:AuthnRequest[^<]* AttributeConsumingServiceIndex='30'/, inflated)
+      assert_match(/<samlp:AuthnRequest[^<]* AttributeConsumingServiceIndex="30"/, inflated)
     end
 
     it "create the SAMLRequest URL parameter with ForceAuthn" do
@@ -104,7 +104,7 @@ class AuthrequestTest < Minitest::Test
       inflated = zstream.inflate(decoded)
       zstream.finish
       zstream.close
-      assert_match(/<samlp:AuthnRequest[^<]* ForceAuthn='true'/, inflated)
+      assert_match(/<samlp:AuthnRequest[^<]* ForceAuthn="true"/, inflated)
     end
 
     it "create the SAMLRequest URL parameter with NameID Format" do
@@ -118,8 +118,8 @@ class AuthrequestTest < Minitest::Test
       zstream.finish
       zstream.close
 
-      assert_match(/<samlp:NameIDPolicy[^<]* AllowCreate='true'/, inflated)
-      assert_match(/<samlp:NameIDPolicy[^<]* Format='urn:oasis:names:tc:SAML:2.0:nameid-format:transient'/, inflated)
+      assert_match(/<samlp:NameIDPolicy[^<]* AllowCreate="true"/, inflated)
+      assert_match(/<samlp:NameIDPolicy[^<]* Format="urn:oasis:names:tc:SAML:2\.0:nameid-format:transient"/, inflated)
     end
 
     it "create the SAMLRequest URL parameter with Subject" do
@@ -135,8 +135,8 @@ class AuthrequestTest < Minitest::Test
       zstream.close
 
       assert inflated.include?('<saml:Subject>')
-      assert inflated.include?("<saml:NameID Format='urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'>testuser@example.com</saml:NameID>")
-      assert inflated.include?("<saml:SubjectConfirmation Method='urn:oasis:names:tc:SAML:2.0:cm:bearer'/>")
+      assert inflated.include?('<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">testuser@example.com</saml:NameID>')
+      assert inflated.include?('<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>')
     end
 
     it "accept extra parameters" do
@@ -199,9 +199,9 @@ class AuthrequestTest < Minitest::Test
 
       it "can mutate the uuid" do
         request = RubySaml::Authrequest.new
-        request_id = request.request_id
         assert_nil request.uuid
-        assert_nil request_id
+        assert_nil request.request_id
+
         request.uuid = "new_uuid"
         assert_equal "new_uuid", request.uuid
         assert_equal request.uuid, request.request_id
@@ -225,7 +225,7 @@ class AuthrequestTest < Minitest::Test
       it "create the SAMLRequest parameter correctly" do
 
         auth_url = RubySaml::Authrequest.new.create(settings)
-        assert_match(/^http:\/\/example.com\?SAMLRequest/, auth_url)
+        assert_match(/^http:\/\/example\.com\?SAMLRequest/, auth_url)
       end
     end
 
@@ -234,7 +234,7 @@ class AuthrequestTest < Minitest::Test
         settings.idp_sso_service_url = "http://example.com?field=value"
 
         auth_url = RubySaml::Authrequest.new.create(settings)
-        assert_match(/^http:\/\/example.com\?field=value&SAMLRequest/, auth_url)
+        assert_match(/^http:\/\/example\.com\?field=value&SAMLRequest/, auth_url)
       end
     end
 
@@ -254,22 +254,22 @@ class AuthrequestTest < Minitest::Test
     it "create the saml:AuthnContextClassRef with comparison exact" do
       settings.authn_context = 'secure/name/password/uri'
       auth_doc = RubySaml::Authrequest.new.create_authentication_xml_doc(settings)
-      assert_match(/<samlp:RequestedAuthnContext[\S ]+Comparison='exact'/, auth_doc.to_s)
+      assert_match(/<samlp:RequestedAuthnContext[\S ]+Comparison="exact"/, auth_doc.to_s)
       assert_match(/<saml:AuthnContextClassRef>secure\/name\/password\/uri<\/saml:AuthnContextClassRef>/, auth_doc.to_s)
     end
 
     it "create the saml:AuthnContextClassRef with comparison minimun" do
       settings.authn_context = 'secure/name/password/uri'
       settings.authn_context_comparison = 'minimun'
       auth_doc = RubySaml::Authrequest.new.create_authentication_xml_doc(settings)
-      assert_match(/<samlp:RequestedAuthnContext[\S ]+Comparison='minimun'/, auth_doc.to_s)
+      assert_match(/<samlp:RequestedAuthnContext[\S ]+Comparison="minimun"/, auth_doc.to_s)
       assert_match(/<saml:AuthnContextClassRef>secure\/name\/password\/uri<\/saml:AuthnContextClassRef>/, auth_doc.to_s)
     end
 
     it "create the saml:AuthnContextDeclRef element correctly" do
       settings.authn_context_decl_ref = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
       auth_doc = RubySaml::Authrequest.new.create_authentication_xml_doc(settings)
-      assert_match(/<saml:AuthnContextDeclRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport<\/saml:AuthnContextDeclRef>/, auth_doc.to_s)
+      assert_match(/<saml:AuthnContextDeclRef>urn:oasis:names:tc:SAML:2\.0:ac:classes:PasswordProtectedTransport<\/saml:AuthnContextDeclRef>/, auth_doc.to_s)
     end
 
     it "create the saml:AuthnContextClassRef element correctly" do
@@ -281,22 +281,22 @@ class AuthrequestTest < Minitest::Test
     it "create the saml:AuthnContextClassRef with comparison exact" do
       settings.authn_context = 'secure/name/password/uri'
       auth_doc = RubySaml::Authrequest.new.create_authentication_xml_doc(settings)
-      assert auth_doc.to_s =~ /<samlp:RequestedAuthnContext[\S ]+Comparison='exact'/
+      assert auth_doc.to_s =~ /<samlp:RequestedAuthnContext[\S ]+Comparison="exact"/
       assert auth_doc.to_s =~ /<saml:AuthnContextClassRef>secure\/name\/password\/uri<\/saml:AuthnContextClassRef>/
     end
 
     it "create the saml:AuthnContextClassRef with comparison minimun" do
       settings.authn_context = 'secure/name/password/uri'
       settings.authn_context_comparison = 'minimun'
       auth_doc = RubySaml::Authrequest.new.create_authentication_xml_doc(settings)
-      assert auth_doc.to_s =~ /<samlp:RequestedAuthnContext[\S ]+Comparison='minimun'/
+      assert auth_doc.to_s =~ /<samlp:RequestedAuthnContext[\S ]+Comparison="minimun"/
       assert auth_doc.to_s =~ /<saml:AuthnContextClassRef>secure\/name\/password\/uri<\/saml:AuthnContextClassRef>/
     end
 
     it "create the saml:AuthnContextDeclRef element correctly" do
       settings.authn_context_decl_ref = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
       auth_doc = RubySaml::Authrequest.new.create_authentication_xml_doc(settings)
-      assert auth_doc.to_s =~ /<saml:AuthnContextDeclRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport<\/saml:AuthnContextDeclRef>/
+      assert auth_doc.to_s =~ /<saml:AuthnContextDeclRef>urn:oasis:names:tc:SAML:2\.0:ac:classes:PasswordProtectedTransport<\/saml:AuthnContextDeclRef>/
     end
 
     it "create multiple saml:AuthnContextDeclRef elements correctly " do
@@ -329,7 +329,7 @@ class AuthrequestTest < Minitest::Test
         unless sp_hash_algo == :sha256
           it 'using mixed signature and digest methods (signature SHA256)' do
             # RSA is ignored here; only the hash sp_key_algo is used
-            settings.security[:signature_method] = RubySaml::XML::Document::RSA_SHA256
+            settings.security[:signature_method] = RubySaml::XML::Crypto::RSA_SHA256
             params = RubySaml::Authrequest.new.create_params(settings)
             request_xml = Base64.decode64(params["SAMLRequest"])
 
@@ -339,7 +339,7 @@ class AuthrequestTest < Minitest::Test
           end
 
           it 'using mixed signature and digest methods (digest SHA256)' do
-            settings.security[:digest_method] = RubySaml::XML::Document::SHA256
+            settings.security[:digest_method] = RubySaml::XML::Crypto::SHA256
             params = RubySaml::Authrequest.new.create_params(settings)
             request_xml = Base64.decode64(params["SAMLRequest"])
 
@@ -428,7 +428,7 @@ class AuthrequestTest < Minitest::Test
         unless sp_hash_algo == :sha256
           it 'using mixed signature and digest methods (signature SHA256)' do
             # RSA is ignored here; only the hash sp_key_algo is used
-            settings.security[:signature_method] = RubySaml::XML::Document::RSA_SHA256
+            settings.security[:signature_method] = RubySaml::XML::Crypto::RSA_SHA256
             params = RubySaml::Authrequest.new.create_params(settings, :RelayState => 'http://example.com')
 
             assert params['SAMLRequest']
@@ -444,7 +444,7 @@ class AuthrequestTest < Minitest::Test
           end
 
           it 'using mixed signature and digest methods (digest SHA256)' do
-            settings.security[:digest_method] = RubySaml::XML::Document::SHA256
+            settings.security[:digest_method] = RubySaml::XML::Crypto::SHA256
             params = RubySaml::Authrequest.new.create_params(settings, :RelayState => 'http://example.com')
 
             assert params['SAMLRequest']
@@ -461,7 +461,7 @@ class AuthrequestTest < Minitest::Test
         end
 
         it "create a signature parameter using the first certificate and key" do
-          settings.security[:signature_method] = RubySaml::XML::Document::RSA_SHA1
+          settings.security[:signature_method] = RubySaml::XML::Crypto::RSA_SHA1
           settings.certificate = nil
           settings.private_key = nil
           cert, pkey = CertificateHelper.generate_pair(sp_key_algo)

test/idp_metadata_parser_test.rb

@@ -157,27 +157,27 @@ def initialize; end
       settings = idp_metadata_parser.parse(idp_metadata, {
         :settings => {
           :security => {
-            :digest_method => RubySaml::XML::Document::SHA256,
-            :signature_method => RubySaml::XML::Document::RSA_SHA256
+            :digest_method => RubySaml::XML::Crypto::SHA256,
+            :signature_method => RubySaml::XML::Crypto::RSA_SHA256
           }
         }
       })
       assert_equal "C4:C6:BD:41:EC:AD:57:97:CE:7B:7D:80:06:C3:E4:30:53:29:02:0B:DD:2D:47:02:9E:BD:85:AD:93:02:45:21", settings.idp_cert_fingerprint
-      assert_equal RubySaml::XML::Document::SHA256, settings.get_sp_digest_method
-      assert_equal RubySaml::XML::Document::RSA_SHA256, settings.get_sp_signature_method
+      assert_equal RubySaml::XML::Crypto::SHA256, settings.get_sp_digest_method
+      assert_equal RubySaml::XML::Crypto::RSA_SHA256, settings.get_sp_signature_method
     end
 
     it "merges results into given settings object" do
       settings = RubySaml::Settings.new(:security => {
-        :digest_method => RubySaml::XML::Document::SHA256,
-        :signature_method => RubySaml::XML::Document::RSA_SHA256
+        :digest_method => RubySaml::XML::Crypto::SHA256,
+        :signature_method => RubySaml::XML::Crypto::RSA_SHA256
       })
 
       RubySaml::IdpMetadataParser.new.parse(idp_metadata_descriptor, :settings => settings)
 
       assert_equal "C4:C6:BD:41:EC:AD:57:97:CE:7B:7D:80:06:C3:E4:30:53:29:02:0B:DD:2D:47:02:9E:BD:85:AD:93:02:45:21", settings.idp_cert_fingerprint
-      assert_equal RubySaml::XML::Document::SHA256, settings.get_sp_digest_method
-      assert_equal RubySaml::XML::Document::RSA_SHA256, settings.get_sp_signature_method
+      assert_equal RubySaml::XML::Crypto::SHA256, settings.get_sp_digest_method
+      assert_equal RubySaml::XML::Crypto::RSA_SHA256, settings.get_sp_signature_method
     end
   end
 
@@ -256,8 +256,8 @@ def initialize; end
       parsed_metadata = idp_metadata_parser.parse_to_hash(idp_metadata, {
         :settings => {
           :security => {
-            :digest_method => RubySaml::XML::Document::SHA256,
-            :signature_method => RubySaml::XML::Document::RSA_SHA256
+            :digest_method => RubySaml::XML::Crypto::SHA256,
+            :signature_method => RubySaml::XML::Crypto::RSA_SHA256
           }
         }
       })

test/logoutrequest_test.rb

@@ -78,7 +78,7 @@ class RequestTest < Minitest::Test
         settings.idp_slo_service_url = "http://example.com?field=value"
 
         unauth_url = RubySaml::Logoutrequest.new.create(settings)
-        assert_match(/^http:\/\/example.com\?field=value&SAMLRequest/, unauth_url)
+        assert_match(/^http:\/\/example\.com\?field=value&SAMLRequest/, unauth_url)
       end
     end
 
@@ -90,7 +90,7 @@ class RequestTest < Minitest::Test
         unauth_url = unauth_req.create(settings)
 
         inflated = decode_saml_request_payload(unauth_url)
-        assert_match %r[ID='#{unauth_req.uuid}'], inflated
+        assert_match %r[ID="#{unauth_req.uuid}"], inflated
       end
     end
 
@@ -132,9 +132,9 @@ class RequestTest < Minitest::Test
 
       it "can mutate the uuid" do
         request = RubySaml::Logoutrequest.new
-        request_id = request.request_id
         assert_nil request.uuid
-        assert_nil request_id
+        assert_nil request.request_id
+
         request.uuid = "new_uuid"
         assert_equal "new_uuid", request.uuid
         assert_equal request.uuid, request.request_id
@@ -198,7 +198,7 @@ class RequestTest < Minitest::Test
         unless sp_hash_algo == :sha256
           it 'using mixed signature and digest methods (signature SHA256)' do
             # RSA is ignored here; only the hash sp_key_algo is used
-            settings.security[:signature_method] = RubySaml::XML::Document::RSA_SHA256
+            settings.security[:signature_method] = RubySaml::XML::Crypto::RSA_SHA256
             params = RubySaml::Logoutrequest.new.create_params(settings)
             request_xml = Base64.decode64(params["SAMLRequest"])
 
@@ -208,7 +208,7 @@ class RequestTest < Minitest::Test
           end
 
           it 'using mixed signature and digest methods (digest SHA256)' do
-            settings.security[:digest_method] = RubySaml::XML::Document::SHA256
+            settings.security[:digest_method] = RubySaml::XML::Crypto::SHA256
             params = RubySaml::Logoutrequest.new.create_params(settings)
             request_xml = Base64.decode64(params["SAMLRequest"])
 
@@ -294,7 +294,7 @@ class RequestTest < Minitest::Test
         unless sp_hash_algo == :sha256
           it 'using mixed signature and digest methods (signature SHA256)' do
             # RSA is ignored here; only the hash sp_key_algo is used
-            settings.security[:signature_method] = RubySaml::XML::Document::RSA_SHA256
+            settings.security[:signature_method] = RubySaml::XML::Crypto::RSA_SHA256
             params = RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
 
             assert params['SAMLRequest']
@@ -310,7 +310,7 @@ class RequestTest < Minitest::Test
           end
 
           it 'using mixed signature and digest methods (digest SHA256)' do
-            settings.security[:digest_method] = RubySaml::XML::Document::SHA256
+            settings.security[:digest_method] = RubySaml::XML::Crypto::SHA256
             params = RubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
 
             assert params['SAMLRequest']

test/metadata_test.rb

@@ -370,7 +370,7 @@ class MetadataTest < Minitest::Test
           unless sp_hash_algo == :sha256
             it 'using mixed signature and digest methods (signature SHA256)' do
               # RSA is ignored here; only the hash sp_key_algo is used
-              settings.security[:signature_method] = RubySaml::XML::Document::RSA_SHA256
+              settings.security[:signature_method] = RubySaml::XML::Crypto::RSA_SHA256
               signed_metadata = RubySaml::XML::SignedDocument.new(xml_text)
 
               assert_match(signature_value_matcher, xml_text)
@@ -381,7 +381,7 @@ class MetadataTest < Minitest::Test
             end
 
             it 'using mixed signature and digest methods (digest SHA256)' do
-              settings.security[:digest_method] = RubySaml::XML::Document::SHA256
+              settings.security[:digest_method] = RubySaml::XML::Crypto::SHA256
               signed_metadata = RubySaml::XML::SignedDocument.new(xml_text)
 
               assert_match(signature_value_matcher, xml_text)