Merge pull request #39 from aykevl/fixes

russellhaering · web-flow · commit d396ec6179db · 2020-09-29T21:50:19.000-07:00
Be more flexible in the accepted XML
diff --git a/sign.go b/sign.go
@@ -92,10 +92,11 @@ func (ctx *SigningContext) constructSignedInfo(el *etree.Element, enveloped bool
 
 	dataId := el.SelectAttrValue(ctx.IdAttribute, "")
 	if dataId == "" {
-		return nil, errors.New("Missing data ID")
+		reference.CreateAttr(URIAttr, "")
+	} else {
+		reference.CreateAttr(URIAttr, "#"+dataId)
 	}
 
-	reference.CreateAttr(URIAttr, "#"+dataId)
 
 	// /SignedInfo/Reference/Transforms
 	transforms := ctx.createNamespacedElement(reference, TransformsTag)
diff --git a/sign_test.go b/sign_test.go
@@ -96,17 +96,6 @@ func TestSignErrors(t *testing.T) {
 
 	_, err := ctx.SignEnveloped(authnRequest)
 	require.Error(t, err)
-
-	randomKeyStore = RandomKeyStoreForTest()
-	ctx = NewDefaultSigningContext(randomKeyStore)
-
-	authnRequest = &etree.Element{
-		Space: "samlp",
-		Tag:   "AuthnRequest",
-	}
-
-	_, err = ctx.SignEnveloped(authnRequest)
-	require.Error(t, err)
 }
 
 func TestSignNonDefaultID(t *testing.T) {
diff --git a/validate.go b/validate.go
@@ -234,16 +234,17 @@ func (ctx *ValidationContext) verifySignedInfo(sig *types.Signature, canonicaliz
 }
 
 func (ctx *ValidationContext) validateSignature(el *etree.Element, sig *types.Signature, cert *x509.Certificate) (*etree.Element, error) {
-	idAttr := el.SelectAttr(ctx.IdAttribute)
-	if idAttr == nil || idAttr.Value == "" {
-		return nil, errors.New("Missing ID attribute")
+	idAttrEl := el.SelectAttr(ctx.IdAttribute)
+	idAttr := ""
+	if idAttrEl != nil {
+		idAttr = idAttrEl.Value
 	}
 
 	var ref *types.Reference
 
 	// Find the first reference which references the top-level element
 	for _, _ref := range sig.SignedInfo.References {
-		if _ref.URI == "" || _ref.URI[1:] == idAttr.Value {
+		if _ref.URI == "" || _ref.URI[1:] == idAttr {
 			ref = &_ref
 		}
 	}
@@ -318,9 +319,10 @@ func validateShape(signatureEl *etree.Element) error {
 
 // findSignature searches for a Signature element referencing the passed root element.
 func (ctx *ValidationContext) findSignature(root *etree.Element) (*types.Signature, error) {
-	idAttr := root.SelectAttr(ctx.IdAttribute)
-	if idAttr == nil || idAttr.Value == "" {
-		return nil, errors.New("Missing ID attribute")
+	idAttrEl := root.SelectAttr(ctx.IdAttribute)
+	idAttr := ""
+	if idAttrEl != nil {
+		idAttr = idAttrEl.Value
 	}
 
 	var sig *types.Signature
@@ -403,7 +405,7 @@ func (ctx *ValidationContext) findSignature(root *etree.Element) (*types.Signatu
 		// Traverse references in the signature to determine whether it has at least
 		// one reference to the top level element. If so, conclude the search.
 		for _, ref := range _sig.SignedInfo.References {
-			if ref.URI == "" || ref.URI[1:] == idAttr.Value {
+			if ref.URI == "" || ref.URI[1:] == idAttr {
 				sig = _sig
 				return etreeutils.ErrTraversalHalted
 			}
