test/response_test.rb in ruby-saml-1.8.0 vs test/response_test.rb in ruby-saml-1.9.0

@@ -625,10 +625,25 @@
           response_without_attributes.send(:validate_structure)
         }
       end
     end
 
+    describe "validate_formatted_x509_certificate" do
+      let(:response_with_formatted_x509certificate) {
+        OneLogin::RubySaml::Response.new(read_response("valid_response_with_formatted_x509certificate.xml.base64"), {
+          :skip_conditions => true,
+          :skip_subject_confirmation => true })
+        }
+
+      it "be able to parse the response wihout errors" do
+        response_with_formatted_x509certificate.settings = settings
+        response_with_formatted_x509certificate.settings.idp_cert = ruby_saml_cert_text
+        assert response_with_formatted_x509certificate.is_valid?
+        assert_empty response_with_formatted_x509certificate.errors
+      end
+    end
+
     describe "#validate_in_response_to" do
       it "return true when the inResponseTo value matches the Request ID" do
         response = OneLogin::RubySaml::Response.new(response_document_valid_signed, :settings => settings, :matches_request_id => "_fc4a34b0-7efb-012e-caae-782bcb13bb38")
         assert response.send(:validate_in_response_to)
         assert_empty response.errors
@@ -800,11 +815,11 @@
       end
 
       it "return false when the session has expired" do
         response.settings = settings
         assert !response.send(:validate_session_expiration)
-        assert_includes response.errors, "The attributes have expired, based on the SessionNotOnOrAfter of the AttributeStatement of this Response"
+        assert_includes response.errors, "The attributes have expired, based on the SessionNotOnOrAfter of the AuthnStatement of this Response"
       end
 
       it "returns true when the session has expired, but is still within the allowed_clock_drift" do
         drift = (Time.now - Time.parse("2010-11-19T21:57:37Z")) * 60 # seconds ago that this assertion expired
         drift += 10 # add a buffer of 10 seconds to make sure the test passes
@@ -1052,9 +1067,27 @@
 
         Timecop.freeze(Time.parse("2011-06-14T18:21:01Z")) do
           special_response_with_saml2_namespace = OneLogin::RubySaml::Response.new(
             response_document_with_saml2_namespace,
             :allowed_clock_drift => 0.516
+          )
+          assert special_response_with_saml2_namespace.send(:validate_conditions)
+        end
+
+        Timecop.freeze(Time.parse("2011-06-14T18:21:01Z")) do
+          settings.soft = true
+          special_response_with_saml2_namespace = OneLogin::RubySaml::Response.new(
+            response_document_with_saml2_namespace,
+            :allowed_clock_drift => '0.515',
+            :settings => settings
+          )
+          assert !special_response_with_saml2_namespace.send(:validate_conditions)
+        end
+
+        Timecop.freeze(Time.parse("2011-06-14T18:21:01Z")) do
+          special_response_with_saml2_namespace = OneLogin::RubySaml::Response.new(
+            response_document_with_saml2_namespace,
+            :allowed_clock_drift => '0.516'
           )
           assert special_response_with_saml2_namespace.send(:validate_conditions)
         end
       end
     end