Fixes handling signed response with encrypted assertions (#273)

When the response is signed, the verification must happen before the assertion is decrypted since the encrypted XML is used in the signature digest. The response signature is sufficient unless the assertion is also signed in which case both must be valid.
crewjam · Aug 5, 2020 · 1897fa4 · 1897fa4
1 parent 97641c4
commit 1897fa4
Show file tree

Hide file tree

Showing 2 changed files with 201 additions and 1 deletion.
diff --git a/service_provider.go b/service_provider.go
@@ -578,6 +578,21 @@ func (sp *ServiceProvider) ParseXMLResponse(decodedResponseXML []byte, possibleR
 			retErr.PrivateErr = err
 			return nil, retErr
 		}
+
+		// encrypted assertions are part of the signature
+		// before decrypting the response verify that
+		responseSigned, err := responseIsSigned(doc)
+		if err != nil {
+			retErr.PrivateErr = err
+			return nil, retErr
+		}
+		if responseSigned {
+			if err := sp.validateSigned(doc.Root()); err != nil {
+				retErr.PrivateErr = err
+				return nil, retErr
+			}
+		}
+
 		var key interface{} = sp.Key
 		keyEl := doc.FindElement("//EncryptedAssertion/EncryptedKey")
 		if keyEl != nil {
@@ -602,7 +617,9 @@ func (sp *ServiceProvider) ParseXMLResponse(decodedResponseXML []byte, possibleR
 			return nil, retErr
 		}
 
-		if err := sp.validateSigned(doc.Root()); err != nil {
+		// the decrypted assertion may be signed too
+		// otherwise, a signed response is sufficient
+		if err := sp.validateSigned(doc.Root()); err != nil && !responseSigned {
 			retErr.PrivateErr = err
 			return nil, retErr
 		}