added original signature version of validateAssertion() for tests to be happy

wz2b · wz2b · commit 8924fc8332bd · 2024-11-29T21:12:24.000Z
diff --git a/service_provider.go b/service_provider.go
@@ -1054,7 +1054,7 @@ func (sp *ServiceProvider) parseAssertion(assertionEl *etree.Element, checkFunct
 		return nil, err
 	}
 
-	if err := sp.validateAssertion(&assertion, checkFunction, now); err != nil {
+	if err := sp.validateAssertion2(&assertion, checkFunction, now); err != nil {
 		return nil, err
 	}
 
@@ -1065,7 +1065,11 @@ func (sp *ServiceProvider) parseAssertion(assertionEl *etree.Element, checkFunct
 // the requirements to accept. If validation fails, it returns an error describing
 // the failure. (The digital signature on the assertion is not checked -- this
 // should be done before calling this function).
-func (sp *ServiceProvider) validateAssertion(assertion *Assertion, checkFunction RequestIdCheckFunction, now time.Time) error {
+func (sp *ServiceProvider) validateAssertion(assertion *Assertion, allowedRequestIds []string, now time.Time) error {
+	return sp.validateAssertion2(assertion, createDefaultChecker(allowedRequestIds), now)
+}
+
+func (sp *ServiceProvider) validateAssertion2(assertion *Assertion, checkFunction RequestIdCheckFunction, now time.Time) error {
 	if assertion.IssueInstant.Add(MaxIssueDelay).Before(now) {
 		return fmt.Errorf("expired on %s", assertion.IssueInstant.Add(MaxIssueDelay))
 	}

Original file line number	Diff line number	Diff line change
`@@ -1054,7 +1054,7 @@ func (sp ServiceProvider) parseAssertion(assertionEl etree.Element, checkFunct`
`1054`	`1054`	`return nil, err`
`1055`	`1055`	`}`
`1056`	`1056`
`1057`		`- if err := sp.validateAssertion(&assertion, checkFunction, now); err != nil {`
	`1057`	`+ if err := sp.validateAssertion2(&assertion, checkFunction, now); err != nil {`
`1058`	`1058`	`return nil, err`
`1059`	`1059`	`}`
`1060`	`1060`
`@@ -1065,7 +1065,11 @@ func (sp ServiceProvider) parseAssertion(assertionEl etree.Element, checkFunct`
`1065`	`1065`	`// the requirements to accept. If validation fails, it returns an error describing`
`1066`	`1066`	`// the failure. (The digital signature on the assertion is not checked -- this`
`1067`	`1067`	`// should be done before calling this function).`
`1068`		`-func (sp ServiceProvider) validateAssertion(assertion Assertion, checkFunction RequestIdCheckFunction, now time.Time) error {`
	`1068`	`+func (sp ServiceProvider) validateAssertion(assertion Assertion, allowedRequestIds []string, now time.Time) error {`
	`1069`	`+ return sp.validateAssertion2(assertion, createDefaultChecker(allowedRequestIds), now)`
	`1070`	`+}`
	`1071`	`+`
	`1072`	`+func (sp ServiceProvider) validateAssertion2(assertion Assertion, checkFunction RequestIdCheckFunction, now time.Time) error {`
`1069`	`1073`	`if assertion.IssueInstant.Add(MaxIssueDelay).Before(now) {`
`1070`	`1074`	`return fmt.Errorf("expired on %s", assertion.IssueInstant.Add(MaxIssueDelay))`
`1071`	`1075`	`}`