From 963f059300d71c8b98e0599d0e30dc948afe9dd2 Mon Sep 17 00:00:00 2001
From: Deepak Prabhakara <deepak@boxyhq.com>
Date: Wed, 18 Dec 2024 12:19:35 +0000
Subject: [PATCH] fix for signature checks failing with &#13; chars

---
 lib/validateSignature.ts                      |  2 +-
 test/lib/saml20.responseSignedMessage.spec.ts | 10 ++++++----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/validateSignature.ts b/lib/validateSignature.ts
index 8ab289c7..bed0fc7e 100644
--- a/lib/validateSignature.ts
+++ b/lib/validateSignature.ts
@@ -58,7 +58,7 @@ const _hasValidSignature = (xml, cert, certThumbprint) => {
     idAttribute: 'AssertionID',
   });
 
-  signed.loadSignature(signature.toString());
+  signed.loadSignature(signature);
 
   let valid;
   let id, calculatedThumbprint;
diff --git a/test/lib/saml20.responseSignedMessage.spec.ts b/test/lib/saml20.responseSignedMessage.spec.ts
index 7629b09e..3b2e4d27 100644
--- a/test/lib/saml20.responseSignedMessage.spec.ts
+++ b/test/lib/saml20.responseSignedMessage.spec.ts
@@ -4,7 +4,9 @@ import fs from 'fs';
 
 // Tests Configuration
 const validResponse = fs.readFileSync('./test/assets/saml20.validResponseSignedMessage.xml').toString();
-const validResponseUnsanitized = fs.readFileSync('./test/assets/saml20.validResponseSignedMessage-unsanitized.xml').toString();
+const validResponseUnsanitized = fs
+  .readFileSync('./test/assets/saml20.validResponseSignedMessage-unsanitized.xml')
+  .toString();
 
 const issuerName = 'http://idp.example.com/metadata.php';
 const thumbprint = 'e606eced42fa3abd0c5693456384f5931b174707';
@@ -94,7 +96,7 @@ describe('saml20.responseSignedMessage', function () {
   });
 });
 
-describe('saml20.validResponseSignedMessage-unsanitized', function () {
+describe('saml20.validResponseSignedMessageUnsanitized', function () {
   it('Should validate saml 2.0 token using thumbprint', async function () {
     const response = await validate(validResponseUnsanitized, {
       thumbprint: thumbprint,
@@ -147,7 +149,7 @@ describe('saml20.validResponseSignedMessage-unsanitized', function () {
     }
   });
 
-  it('Should fail with invalid assertion', async function () {
+  it('Should fail with missing root element', async function () {
     try {
       await validate('invalid-assertion', {
         publicKey: certificate,
@@ -156,7 +158,7 @@ describe('saml20.validResponseSignedMessage-unsanitized', function () {
       });
     } catch (error) {
       const result = (error as Error).message;
-      assert.strictEqual(result, 'Invalid assertion.');
+      assert.strictEqual(result, 'missing root element');
     }
   });