kl-ruby-saml 0.0.4 → 0.0.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (24) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -1
  3. data/README.md +2 -2
  4. data/lib/{xml_security.rb → kl_xml_security.rb} +5 -5
  5. data/lib/onelogin/kl-ruby-saml/authrequest.rb +2 -2
  6. data/lib/onelogin/kl-ruby-saml/logoutrequest.rb +2 -2
  7. data/lib/onelogin/kl-ruby-saml/logoutresponse.rb +2 -2
  8. data/lib/onelogin/kl-ruby-saml/metadata.rb +1 -1
  9. data/lib/onelogin/kl-ruby-saml/response.rb +7 -7
  10. data/lib/onelogin/kl-ruby-saml/saml_message.rb +1 -1
  11. data/lib/onelogin/kl-ruby-saml/settings.rb +5 -5
  12. data/lib/onelogin/kl-ruby-saml/slo_logoutresponse.rb +2 -2
  13. data/lib/onelogin/kl-ruby-saml/utils.rb +1 -1
  14. data/lib/onelogin/kl-ruby-saml/version.rb +1 -1
  15. data/test/logoutrequest_test.rb +16 -16
  16. data/test/logoutresponse_test.rb +4 -4
  17. data/test/metadata_test.rb +4 -4
  18. data/test/request_test.rb +8 -8
  19. data/test/response_test.rb +3 -3
  20. data/test/settings_test.rb +4 -4
  21. data/test/slo_logoutrequest_test.rb +4 -4
  22. data/test/slo_logoutresponse_test.rb +16 -16
  23. data/test/xml_security_test.rb +41 -41
  24. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 4884c1dba78f622165653342c8a88d480cdcaf31
4
- data.tar.gz: 9d464006e257f4fc8d2a33b7cac07e07cef67782
3
+ metadata.gz: f44b4e601309171d6735398f138704b4ff54cea2
4
+ data.tar.gz: 525052e90ee9d5aa368972a8e1921a609f5aca2d
5
5
  SHA512:
6
- metadata.gz: ac0bf85d00dcd02969bb8e1fe31a6888eb6c662b23999482bccb930f6323f1a7c21fa9243347cd71259bad702468e77359cd95cd1cdb27574baa677d20f5d4d8
7
- data.tar.gz: 181f794dc678fad271057c6bc7738f7d58a747876a037b8548c1034d984080b33b02843c74004c8400bc5b1e0f4538953cf42cbbda13fc855285a42c5b3f089a
6
+ metadata.gz: 5094f8cd2198ebc0d0914c84325b2f13aa54ea51e766fc59ce66d5c03438b677998014d5559b5598a58467876ac7fbf95549932c802484eb7fc7729c24009230
7
+ data.tar.gz: f3c2aa6a89a0af160d3087f86106a16d651103cae3cc2503cdfab66cec4bc1db238948abebd156b28c52827ad13a06d044fda3e2be51e63d32c0a61a81205c52
data/Gemfile CHANGED
@@ -5,6 +5,6 @@ source 'https://rubygems.org'
5
5
 
6
6
  gemspec
7
7
 
8
- gem 'timecop'
9
8
  gem 'json'
9
+ gem 'timecop'
10
10
 
data/README.md CHANGED
@@ -376,8 +376,8 @@ The settings related to sign are stored in the `security` attribute of the setti
376
376
  settings.security[:logout_responses_signed] = true # Enable or not signature on Logout Response
377
377
  settings.security[:metadata_signed] = true # Enable or not signature on Metadata
378
378
 
379
- settings.security[:digest_method] = XMLSecurity::Document::SHA1
380
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
379
+ settings.security[:digest_method] = KlXMLSecurity::Document::SHA1
380
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA1
381
381
 
382
382
  # Embeded signature or HTTP GET parameter signature
383
383
  # Note that metadata signature is always embedded regardless of this value.
data/lib/{xml_security.rb → kl_xml_security.rb} RENAMED
@@ -31,7 +31,7 @@ require "digest/sha1"
31
31
  require "digest/sha2"
32
32
  require "onelogin/kl-ruby-saml/validation_error"
33
33
 
34
- module XMLSecurity
34
+ module KlXMLSecurity
35
35
 
36
36
  class BaseDocument < REXML::Document
37
37
  REXML::Document::entity_expansion_limit = 0
@@ -110,7 +110,7 @@ module XMLSecurity
110
110
  #</Signature>
111
111
  def sign_document(private_key, certificate, signature_method = RSA_SHA1, digest_method = SHA1)
112
112
  noko = Nokogiri.parse(self.to_s) do |options|
113
- options = XMLSecurity::BaseDocument::NOKOGIRI_OPTIONS
113
+ options = KlXMLSecurity::BaseDocument::NOKOGIRI_OPTIONS
114
114
  end
115
115
 
116
116
  signature_element = REXML::Element.new("ds:Signature").add_namespace('ds', DSIG)
@@ -134,7 +134,7 @@ module XMLSecurity
134
134
 
135
135
  # add SignatureValue
136
136
  noko_sig_element = Nokogiri.parse(signature_element.to_s) do |options|
137
- options = XMLSecurity::BaseDocument::NOKOGIRI_OPTIONS
137
+ options = KlXMLSecurity::BaseDocument::NOKOGIRI_OPTIONS
138
138
  end
139
139
 
140
140
  noko_signed_info_element = noko_sig_element.at_xpath('//ds:Signature/ds:SignedInfo', 'ds' => DSIG)
@@ -211,7 +211,7 @@ module XMLSecurity
211
211
  cert = OpenSSL::X509::Certificate.new(cert_text)
212
212
 
213
213
  if options[:fingerprint_alg]
214
- fingerprint_alg = XMLSecurity::BaseDocument.new.algorithm(options[:fingerprint_alg]).new
214
+ fingerprint_alg = KlXMLSecurity::BaseDocument.new.algorithm(options[:fingerprint_alg]).new
215
215
  else
216
216
  fingerprint_alg = OpenSSL::Digest::SHA1.new
217
217
  end
@@ -233,7 +233,7 @@ module XMLSecurity
233
233
  inclusive_namespaces = extract_inclusive_namespaces
234
234
 
235
235
  document = Nokogiri.parse(self.to_s) do |options|
236
- options = XMLSecurity::BaseDocument::NOKOGIRI_OPTIONS
236
+ options = KlXMLSecurity::BaseDocument::NOKOGIRI_OPTIONS
237
237
  end
238
238
 
239
239
  # create a working copy so we don't modify the original
data/lib/onelogin/kl-ruby-saml/authrequest.rb CHANGED
@@ -70,7 +70,7 @@ module OneLogin
70
70
  :relay_state => relay_state,
71
71
  :sig_alg => params['SigAlg']
72
72
  )
73
- sign_algorithm = XMLSecurity::BaseDocument.new.algorithm(settings.security[:signature_method])
73
+ sign_algorithm = KlXMLSecurity::BaseDocument.new.algorithm(settings.security[:signature_method])
74
74
  signature = settings.get_sp_key.sign(sign_algorithm.new, url_string)
75
75
  params['Signature'] = encode(signature)
76
76
  end
@@ -89,7 +89,7 @@ module OneLogin
89
89
  def create_authentication_xml_doc(settings)
90
90
  time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
91
91
 
92
- request_doc = XMLSecurity::Document.new
92
+ request_doc = KlXMLSecurity::Document.new
93
93
  request_doc.uuid = uuid
94
94
 
95
95
  root = request_doc.add_element "samlp:AuthnRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol", "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
data/lib/onelogin/kl-ruby-saml/logoutrequest.rb CHANGED
@@ -68,7 +68,7 @@ module OneLogin
68
68
  :relay_state => relay_state,
69
69
  :sig_alg => params['SigAlg']
70
70
  )
71
- sign_algorithm = XMLSecurity::BaseDocument.new.algorithm(settings.security[:signature_method])
71
+ sign_algorithm = KlXMLSecurity::BaseDocument.new.algorithm(settings.security[:signature_method])
72
72
  signature = settings.get_sp_key.sign(sign_algorithm.new, url_string)
73
73
  params['Signature'] = encode(signature)
74
74
  end
@@ -87,7 +87,7 @@ module OneLogin
87
87
  def create_logout_request_xml_doc(settings)
88
88
  time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
89
89
 
90
- request_doc = XMLSecurity::Document.new
90
+ request_doc = KlXMLSecurity::Document.new
91
91
  request_doc.uuid = uuid
92
92
 
93
93
  root = request_doc.add_element "samlp:LogoutRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol", "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
data/lib/onelogin/kl-ruby-saml/logoutresponse.rb CHANGED
@@ -1,4 +1,4 @@
1
- require "xml_security"
1
+ require "kl_xml_security"
2
2
  require "onelogin/kl-ruby-saml/saml_message"
3
3
 
4
4
  require "time"
@@ -44,7 +44,7 @@ module OneLogin
44
44
 
45
45
  @options = options
46
46
  @response = decode_raw_saml(response)
47
- @document = XMLSecurity::SignedDocument.new(@response)
47
+ @document = KlXMLSecurity::SignedDocument.new(@response)
48
48
  end
49
49
 
50
50
  # Append the cause to the errors array, and based on the value of soft, return false or raise
data/lib/onelogin/kl-ruby-saml/metadata.rb CHANGED
@@ -18,7 +18,7 @@ module OneLogin
18
18
  # @return [String] XML Metadata of the Service Provider
19
19
  #
20
20
  def generate(settings, pretty_print=false)
21
- meta_doc = XMLSecurity::Document.new
21
+ meta_doc = KlXMLSecurity::Document.new
22
22
  namespaces = {
23
23
  "xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata"
24
24
  }
data/lib/onelogin/kl-ruby-saml/response.rb CHANGED
@@ -1,4 +1,4 @@
1
- require "xml_security"
1
+ require "kl_xml_security"
2
2
  require "onelogin/kl-ruby-saml/attributes"
3
3
 
4
4
  require "time"
@@ -52,7 +52,7 @@ module OneLogin
52
52
  end
53
53
 
54
54
  @response = decode_raw_saml(response)
55
- @document = XMLSecurity::SignedDocument.new(@response, @errors)
55
+ @document = KlXMLSecurity::SignedDocument.new(@response, @errors)
56
56
 
57
57
  if assertion_encrypted?
58
58
  @decrypted_document = generate_decrypted_document
@@ -623,7 +623,7 @@ module OneLogin
623
623
  end
624
624
 
625
625
  # Generates the decrypted_document
626
- # @return [XMLSecurity::SignedDocument] The SAML Response with the assertion decrypted
626
+ # @return [KlXMLSecurity::SignedDocument] The SAML Response with the assertion decrypted
627
627
  #
628
628
  def generate_decrypted_document
629
629
  if settings.nil? || !settings.get_sp_key
@@ -632,7 +632,7 @@ module OneLogin
632
632
 
633
633
  # Marshal at Ruby 1.8.7 throw an Exception
634
634
  if RUBY_VERSION < "1.9"
635
- document_copy = XMLSecurity::SignedDocument.new(response, errors)
635
+ document_copy = KlXMLSecurity::SignedDocument.new(response, errors)
636
636
  else
637
637
  document_copy = Marshal.load(Marshal.dump(document))
638
638
  end
@@ -641,8 +641,8 @@ module OneLogin
641
641
  end
642
642
 
643
643
  # Obtains a SAML Response with the EncryptedAssertion element decrypted
644
- # @param document_copy [XMLSecurity::SignedDocument] A copy of the original SAML Response with the encrypted assertion
645
- # @return [XMLSecurity::SignedDocument] The SAML Response with the assertion decrypted
644
+ # @param document_copy [KlXMLSecurity::SignedDocument] A copy of the original SAML Response with the encrypted assertion
645
+ # @return [KlXMLSecurity::SignedDocument] The SAML Response with the assertion decrypted
646
646
  #
647
647
  def decrypt_assertion_from_document(document_copy)
648
648
  response_node = REXML::XPath.first(
@@ -657,7 +657,7 @@ module OneLogin
657
657
  )
658
658
  response_node.add(decrypt_assertion(encrypted_assertion_node))
659
659
  encrypted_assertion_node.remove
660
- XMLSecurity::SignedDocument.new(response_node.to_s)
660
+ KlXMLSecurity::SignedDocument.new(response_node.to_s)
661
661
  end
662
662
 
663
663
  # Checks if the SAML Response contains or not an EncryptedAssertion element
data/lib/onelogin/kl-ruby-saml/saml_message.rb CHANGED
@@ -65,7 +65,7 @@ module OneLogin
65
65
  def valid_saml?(document, soft = true)
66
66
  begin
67
67
  xml = Nokogiri::XML(document.to_s) do |config|
68
- config.options = XMLSecurity::BaseDocument::NOKOGIRI_OPTIONS
68
+ config.options = KlXMLSecurity::BaseDocument::NOKOGIRI_OPTIONS
69
69
  end
70
70
  rescue Exception => error
71
71
  return false if soft
data/lib/onelogin/kl-ruby-saml/settings.rb CHANGED
@@ -1,4 +1,4 @@
1
- require "xml_security"
1
+ require "kl_xml_security"
2
2
  require "onelogin/kl-ruby-saml/attribute_service"
3
3
  require "onelogin/kl-ruby-saml/utils"
4
4
 
@@ -107,7 +107,7 @@ module OneLogin
107
107
  idp_cert_fingerprint || begin
108
108
  idp_cert = get_idp_cert
109
109
  if idp_cert
110
- fingerprint_alg = XMLSecurity::BaseDocument.new.algorithm(idp_cert_fingerprint_algorithm).new
110
+ fingerprint_alg = KlXMLSecurity::BaseDocument.new.algorithm(idp_cert_fingerprint_algorithm).new
111
111
  fingerprint_alg.hexdigest(idp_cert.to_der).upcase.scan(/../).join(":")
112
112
  end
113
113
  end
@@ -145,7 +145,7 @@ module OneLogin
145
145
  DEFAULTS = {
146
146
  :assertion_consumer_service_binding => "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST".freeze,
147
147
  :single_logout_service_binding => "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect".freeze,
148
- :idp_cert_fingerprint_algorithm => XMLSecurity::Document::SHA1,
148
+ :idp_cert_fingerprint_algorithm => KlXMLSecurity::Document::SHA1,
149
149
  :compress_request => true,
150
150
  :compress_response => true,
151
151
  :soft => true,
@@ -155,8 +155,8 @@ module OneLogin
155
155
  :logout_responses_signed => false,
156
156
  :metadata_signed => false,
157
157
  :embed_sign => false,
158
- :digest_method => XMLSecurity::Document::SHA1,
159
- :signature_method => XMLSecurity::Document::RSA_SHA1
158
+ :digest_method => KlXMLSecurity::Document::SHA1,
159
+ :signature_method => KlXMLSecurity::Document::RSA_SHA1
160
160
  }.freeze,
161
161
  :double_quote_xml_attribute_values => false,
162
162
  }.freeze
data/lib/onelogin/kl-ruby-saml/slo_logoutresponse.rb CHANGED
@@ -73,7 +73,7 @@ module OneLogin
73
73
  :relay_state => relay_state,
74
74
  :sig_alg => params['SigAlg']
75
75
  )
76
- sign_algorithm = XMLSecurity::BaseDocument.new.algorithm(settings.security[:signature_method])
76
+ sign_algorithm = KlXMLSecurity::BaseDocument.new.algorithm(settings.security[:signature_method])
77
77
  signature = settings.get_sp_key.sign(sign_algorithm.new, url_string)
78
78
  params['Signature'] = encode(signature)
79
79
  end
@@ -94,7 +94,7 @@ module OneLogin
94
94
  def create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil)
95
95
  time = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')
96
96
 
97
- response_doc = XMLSecurity::Document.new
97
+ response_doc = KlXMLSecurity::Document.new
98
98
  response_doc.uuid = uuid
99
99
 
100
100
  root = response_doc.add_element 'samlp:LogoutResponse', { 'xmlns:samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol', "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
data/lib/onelogin/kl-ruby-saml/utils.rb CHANGED
@@ -70,7 +70,7 @@ module OneLogin
70
70
  #
71
71
  def self.verify_signature(params)
72
72
  cert, sig_alg, signature, query_string = [:cert, :sig_alg, :signature, :query_string].map { |k| params[k]}
73
- signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(sig_alg)
73
+ signature_algorithm = KlXMLSecurity::BaseDocument.new.algorithm(sig_alg)
74
74
  return cert.public_key.verify(signature_algorithm.new, Base64.decode64(signature), query_string)
75
75
  end
76
76
 
data/lib/onelogin/kl-ruby-saml/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module OneLogin
2
2
  module KlRubySaml
3
- VERSION = '0.0.4'
3
+ VERSION = '0.0.5'
4
4
  end
5
5
  end
data/test/logoutrequest_test.rb CHANGED
@@ -103,8 +103,8 @@ class RequestTest < Minitest::Test
103
103
 
104
104
  it "create a signed logout request with 256 digest and signature method" do
105
105
  settings.compress_request = false
106
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
107
- settings.security[:digest_method] = XMLSecurity::Document::SHA256
106
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA256
107
+ settings.security[:digest_method] = KlXMLSecurity::Document::SHA256
108
108
 
109
109
  params = OneLogin::KlRubySaml::Logoutrequest.new.create_params(settings)
110
110
  request_xml = Base64.decode64(params["SAMLRequest"])
@@ -116,8 +116,8 @@ class RequestTest < Minitest::Test
116
116
 
117
117
  it "create a signed logout request with 512 digest and signature method RSA_SHA384" do
118
118
  settings.compress_request = false
119
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA384
120
- settings.security[:digest_method] = XMLSecurity::Document::SHA512
119
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA384
120
+ settings.security[:digest_method] = KlXMLSecurity::Document::SHA512
121
121
 
122
122
  params = OneLogin::KlRubySaml::Logoutrequest.new.create_params(settings)
123
123
  request_xml = Base64.decode64(params["SAMLRequest"])
@@ -141,67 +141,67 @@ class RequestTest < Minitest::Test
141
141
  end
142
142
 
143
143
  it "create a signature parameter with RSA_SHA1 / SHA1 and validate it" do
144
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
144
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA1
145
145
 
146
146
  params = OneLogin::KlRubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
147
147
  assert params['SAMLRequest']
148
148
  assert params[:RelayState]
149
149
  assert params['Signature']
150
- assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA1
150
+ assert_equal params['SigAlg'], KlXMLSecurity::Document::RSA_SHA1
151
151
 
152
152
  query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
153
153
  query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
154
154
  query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
155
155
 
156
- signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
156
+ signature_algorithm = KlXMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
157
157
  assert_equal signature_algorithm, OpenSSL::Digest::SHA1
158
158
  assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
159
159
  end
160
160
 
161
161
  it "create a signature parameter with RSA_SHA256 / SHA256 and validate it" do
162
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
162
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA256
163
163
 
164
164
  params = OneLogin::KlRubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
165
165
  assert params['Signature']
166
- assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA256
166
+ assert_equal params['SigAlg'], KlXMLSecurity::Document::RSA_SHA256
167
167
 
168
168
  query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
169
169
  query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
170
170
  query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
171
171
 
172
- signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
172
+ signature_algorithm = KlXMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
173
173
  assert_equal signature_algorithm, OpenSSL::Digest::SHA256
174
174
  assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
175
175
  end
176
176
 
177
177
  it "create a signature parameter with RSA_SHA384 / SHA384 and validate it" do
178
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA384
178
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA384
179
179
 
180
180
  params = OneLogin::KlRubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
181
181
  assert params['Signature']
182
- assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA384
182
+ assert_equal params['SigAlg'], KlXMLSecurity::Document::RSA_SHA384
183
183
 
184
184
  query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
185
185
  query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
186
186
  query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
187
187
 
188
- signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
188
+ signature_algorithm = KlXMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
189
189
  assert_equal signature_algorithm, OpenSSL::Digest::SHA384
190
190
  assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
191
191
  end
192
192
 
193
193
  it "create a signature parameter with RSA_SHA512 / SHA512 and validate it" do
194
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA512
194
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA512
195
195
 
196
196
  params = OneLogin::KlRubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
197
197
  assert params['Signature']
198
- assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA512
198
+ assert_equal params['SigAlg'], KlXMLSecurity::Document::RSA_SHA512
199
199
 
200
200
  query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
201
201
  query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
202
202
  query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
203
203
 
204
- signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
204
+ signature_algorithm = KlXMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
205
205
  assert_equal signature_algorithm, OpenSSL::Digest::SHA512
206
206
  assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
207
207
  end
data/test/logoutresponse_test.rb CHANGED
@@ -215,7 +215,7 @@ class KlRubySamlTest < Minitest::Test
215
215
  end
216
216
 
217
217
  it "return true when valid RSA_SHA1 Signature" do
218
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
218
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA1
219
219
  params['RelayState'] = params[:RelayState]
220
220
  options = {}
221
221
  options[:get_params] = params
@@ -224,7 +224,7 @@ class KlRubySamlTest < Minitest::Test
224
224
  end
225
225
 
226
226
  it "return true when valid RSA_SHA256 Signature" do
227
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
227
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA256
228
228
  params['RelayState'] = params[:RelayState]
229
229
  options = {}
230
230
  options[:get_params] = params
@@ -233,7 +233,7 @@ class KlRubySamlTest < Minitest::Test
233
233
  end
234
234
 
235
235
  it "return false when invalid RSA_SHA1 Signature" do
236
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
236
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA1
237
237
  params['RelayState'] = 'http://invalid.example.com'
238
238
  options = {}
239
239
  options[:get_params] = params
@@ -242,7 +242,7 @@ class KlRubySamlTest < Minitest::Test
242
242
  end
243
243
 
244
244
  it "raise when invalid RSA_SHA1 Signature" do
245
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
245
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA1
246
246
  settings.soft = false
247
247
  params['RelayState'] = 'http://invalid.example.com'
248
248
  options = {}
data/test/metadata_test.rb CHANGED
@@ -174,7 +174,7 @@ class MetadataTest < Minitest::Test
174
174
  assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>]m, xml_text
175
175
  assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], xml_text
176
176
  assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], xml_text
177
- signed_metadata = XMLSecurity::SignedDocument.new(xml_text)
177
+ signed_metadata = KlXMLSecurity::SignedDocument.new(xml_text)
178
178
  assert signed_metadata.validate_document(ruby_saml_cert_fingerprint, false)
179
179
 
180
180
  assert validate_xml!(xml_text, "saml-schema-metadata-2.0.xsd")
@@ -182,8 +182,8 @@ class MetadataTest < Minitest::Test
182
182
 
183
183
  describe "when digest and signature methods are specified" do
184
184
  before do
185
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
186
- settings.security[:digest_method] = XMLSecurity::Document::SHA512
185
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA256
186
+ settings.security[:digest_method] = KlXMLSecurity::Document::SHA512
187
187
  end
188
188
 
189
189
  it "creates a signed metadata with specified digest and signature methods" do
@@ -191,7 +191,7 @@ class MetadataTest < Minitest::Test
191
191
  assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'/>], xml_text
192
192
  assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#sha512'/>], xml_text
193
193
 
194
- signed_metadata_2 = XMLSecurity::SignedDocument.new(xml_text)
194
+ signed_metadata_2 = KlXMLSecurity::SignedDocument.new(xml_text)
195
195
 
196
196
  assert signed_metadata_2.validate_document(ruby_saml_cert_fingerprint, false)
197
197
 
data/test/request_test.rb CHANGED
@@ -191,8 +191,8 @@ class RequestTest < Minitest::Test
191
191
  end
192
192
 
193
193
  it "create a signed request with 256 digest and signature methods" do
194
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
195
- settings.security[:digest_method] = XMLSecurity::Document::SHA512
194
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA256
195
+ settings.security[:digest_method] = KlXMLSecurity::Document::SHA512
196
196
 
197
197
  params = OneLogin::KlRubySaml::Authrequest.new.create_params(settings)
198
198
 
@@ -217,36 +217,36 @@ class RequestTest < Minitest::Test
217
217
  end
218
218
 
219
219
  it "create a signature parameter with RSA_SHA1 and validate it" do
220
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
220
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA1
221
221
 
222
222
  params = OneLogin::KlRubySaml::Authrequest.new.create_params(settings, :RelayState => 'http://example.com')
223
223
  assert params['SAMLRequest']
224
224
  assert params[:RelayState]
225
225
  assert params['Signature']
226
- assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA1
226
+ assert_equal params['SigAlg'], KlXMLSecurity::Document::RSA_SHA1
227
227
 
228
228
  query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
229
229
  query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
230
230
  query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
231
231
 
232
- signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
232
+ signature_algorithm = KlXMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
233
233
  assert_equal signature_algorithm, OpenSSL::Digest::SHA1
234
234
 
235
235
  assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
236
236
  end
237
237
 
238
238
  it "create a signature parameter with RSA_SHA256 and validate it" do
239
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
239
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA256
240
240
 
241
241
  params = OneLogin::KlRubySaml::Authrequest.new.create_params(settings, :RelayState => 'http://example.com')
242
242
  assert params['Signature']
243
- assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA256
243
+ assert_equal params['SigAlg'], KlXMLSecurity::Document::RSA_SHA256
244
244
 
245
245
  query_string = "SAMLRequest=#{CGI.escape(params['SAMLRequest'])}"
246
246
  query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
247
247
  query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
248
248
 
249
- signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
249
+ signature_algorithm = KlXMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
250
250
  assert_equal signature_algorithm, OpenSSL::Digest::SHA256
251
251
  assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
252
252
  end
data/test/response_test.rb CHANGED
@@ -43,7 +43,7 @@ class KlRubySamlTest < Minitest::Test
43
43
  end
44
44
 
45
45
  it "be able to parse a document which contains ampersands" do
46
- XMLSecurity::SignedDocument.any_instance.stubs(:digests_match?).returns(true)
46
+ KlXMLSecurity::SignedDocument.any_instance.stubs(:digests_match?).returns(true)
47
47
  OneLogin::KlRubySaml::Response.any_instance.stubs(:validate_conditions).returns(true)
48
48
 
49
49
  ampersands_response = OneLogin::KlRubySaml::Response.new(ampersands_document)
@@ -301,7 +301,7 @@ class KlRubySamlTest < Minitest::Test
301
301
  no_signature_response.stubs(:validate_subject_confirmation).returns(true)
302
302
  no_signature_response.settings = settings
303
303
  no_signature_response.settings.idp_cert_fingerprint = "28:74:9B:E8:1F:E8:10:9C:A8:7C:A9:C3:E3:C5:01:6C:92:1C:B4:BA"
304
- XMLSecurity::SignedDocument.any_instance.expects(:validate_signature).returns(true)
304
+ KlXMLSecurity::SignedDocument.any_instance.expects(:validate_signature).returns(true)
305
305
  assert no_signature_response.is_valid?
306
306
  end
307
307
 
@@ -870,7 +870,7 @@ class KlRubySamlTest < Minitest::Test
870
870
  it 'Sign an unsigned SAML Response XML and initiate the SAML object with it' do
871
871
  xml = Base64.decode64(fixture("test_sign.xml"))
872
872
 
873
- document = XMLSecurity::Document.new(xml)
873
+ document = KlXMLSecurity::Document.new(xml)
874
874
 
875
875
  formated_cert = OneLogin::KlRubySaml::Utils.format_cert(ruby_saml_cert_text)
876
876
  cert = OpenSSL::X509::Certificate.new(formated_cert)
data/test/settings_test.rb CHANGED
@@ -67,14 +67,14 @@ class SettingsTest < Minitest::Test
67
67
  settings = OneLogin::KlRubySaml::Settings.new
68
68
  settings.security[:authn_requests_signed] = true
69
69
  settings.security[:embed_sign] = true
70
- settings.security[:digest_method] = XMLSecurity::Document::SHA256
71
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
70
+ settings.security[:digest_method] = KlXMLSecurity::Document::SHA256
71
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA256
72
72
 
73
73
  new_settings = OneLogin::KlRubySaml::Settings.new
74
74
  assert_equal new_settings.security[:authn_requests_signed], false
75
75
  assert_equal new_settings.security[:embed_sign], false
76
- assert_equal new_settings.security[:digest_method], XMLSecurity::Document::SHA1
77
- assert_equal new_settings.security[:signature_method], XMLSecurity::Document::RSA_SHA1
76
+ assert_equal new_settings.security[:digest_method], KlXMLSecurity::Document::SHA1
77
+ assert_equal new_settings.security[:signature_method], KlXMLSecurity::Document::RSA_SHA1
78
78
  end
79
79
 
80
80
  describe "#single_logout_service_url" do
data/test/slo_logoutrequest_test.rb CHANGED
@@ -221,7 +221,7 @@ class KlRubySamlTest < Minitest::Test
221
221
  end
222
222
 
223
223
  it "return true when valid RSA_SHA1 Signature" do
224
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
224
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA1
225
225
  params = OneLogin::KlRubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
226
226
  params['RelayState'] = params[:RelayState]
227
227
  options = {}
@@ -232,7 +232,7 @@ class KlRubySamlTest < Minitest::Test
232
232
  end
233
233
 
234
234
  it "return true when valid RSA_SHA256 Signature" do
235
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
235
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA256
236
236
  params = OneLogin::KlRubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
237
237
  options = {}
238
238
  options[:get_params] = params
@@ -243,7 +243,7 @@ class KlRubySamlTest < Minitest::Test
243
243
  end
244
244
 
245
245
  it "return false when invalid RSA_SHA1 Signature" do
246
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
246
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA1
247
247
  params = OneLogin::KlRubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
248
248
  params['RelayState'] = 'http://invalid.exampcle.com'
249
249
  params[:RelayState] = params['RelayState']
@@ -256,7 +256,7 @@ class KlRubySamlTest < Minitest::Test
256
256
  end
257
257
 
258
258
  it "raise when invalid RSA_SHA1 Signature" do
259
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
259
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA1
260
260
  settings.soft = false
261
261
  params = OneLogin::KlRubySaml::Logoutrequest.new.create_params(settings, :RelayState => 'http://example.com')
262
262
  params['RelayState'] = 'http://invalid.exampcle.com'
data/test/slo_logoutresponse_test.rb CHANGED
@@ -70,8 +70,8 @@ class SloLogoutresponseTest < Minitest::Test
70
70
  end
71
71
 
72
72
  it "create a signed logout response with 256 digest and signature methods" do
73
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
74
- settings.security[:digest_method] = XMLSecurity::Document::SHA256
73
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA256
74
+ settings.security[:digest_method] = KlXMLSecurity::Document::SHA256
75
75
 
76
76
  params = OneLogin::KlRubySaml::SloLogoutresponse.new.create_params(settings, logout_request.id, "Custom Logout Message")
77
77
 
@@ -82,8 +82,8 @@ class SloLogoutresponseTest < Minitest::Test
82
82
  end
83
83
 
84
84
  it "create a signed logout response with 512 digest and signature method RSA_SHA384" do
85
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA384
86
- settings.security[:digest_method] = XMLSecurity::Document::SHA512
85
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA384
86
+ settings.security[:digest_method] = KlXMLSecurity::Document::SHA512
87
87
  logout_request.settings = settings
88
88
 
89
89
  params = OneLogin::KlRubySaml::SloLogoutresponse.new.create_params(settings, logout_request.id, "Custom Logout Message")
@@ -106,76 +106,76 @@ class SloLogoutresponseTest < Minitest::Test
106
106
  end
107
107
 
108
108
  it "create a signature parameter with RSA_SHA1 and validate it" do
109
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
109
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA1
110
110
 
111
111
  params = OneLogin::KlRubySaml::SloLogoutresponse.new.create_params(settings, logout_request.id, "Custom Logout Message", :RelayState => 'http://example.com')
112
112
  assert params['SAMLResponse']
113
113
  assert params[:RelayState]
114
114
  assert params['Signature']
115
- assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA1
115
+ assert_equal params['SigAlg'], KlXMLSecurity::Document::RSA_SHA1
116
116
 
117
117
  query_string = "SAMLResponse=#{CGI.escape(params['SAMLResponse'])}"
118
118
  query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
119
119
  query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
120
120
 
121
- signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
121
+ signature_algorithm = KlXMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
122
122
  assert_equal signature_algorithm, OpenSSL::Digest::SHA1
123
123
  assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
124
124
  end
125
125
 
126
126
  it "create a signature parameter with RSA_SHA256 /SHA256 and validate it" do
127
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
127
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA256
128
128
 
129
129
  params = OneLogin::KlRubySaml::SloLogoutresponse.new.create_params(settings, logout_request.id, "Custom Logout Message", :RelayState => 'http://example.com')
130
130
  assert params['SAMLResponse']
131
131
  assert params[:RelayState]
132
132
  assert params['Signature']
133
133
 
134
- assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA256
134
+ assert_equal params['SigAlg'], KlXMLSecurity::Document::RSA_SHA256
135
135
 
136
136
  query_string = "SAMLResponse=#{CGI.escape(params['SAMLResponse'])}"
137
137
  query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
138
138
  query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
139
139
 
140
- signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
140
+ signature_algorithm = KlXMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
141
141
  assert_equal signature_algorithm, OpenSSL::Digest::SHA256
142
142
  assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
143
143
  end
144
144
 
145
145
  it "create a signature parameter with RSA_SHA384 / SHA384 and validate it" do
146
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA384
146
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA384
147
147
 
148
148
  params = OneLogin::KlRubySaml::SloLogoutresponse.new.create_params(settings, logout_request.id, "Custom Logout Message", :RelayState => 'http://example.com')
149
149
  assert params['SAMLResponse']
150
150
  assert params[:RelayState]
151
151
  assert params['Signature']
152
152
 
153
- assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA384
153
+ assert_equal params['SigAlg'], KlXMLSecurity::Document::RSA_SHA384
154
154
 
155
155
  query_string = "SAMLResponse=#{CGI.escape(params['SAMLResponse'])}"
156
156
  query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
157
157
  query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
158
158
 
159
- signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
159
+ signature_algorithm = KlXMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
160
160
  assert_equal signature_algorithm, OpenSSL::Digest::SHA384
161
161
  assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
162
162
  end
163
163
 
164
164
  it "create a signature parameter with RSA_SHA512 / SHA512 and validate it" do
165
- settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA512
165
+ settings.security[:signature_method] = KlXMLSecurity::Document::RSA_SHA512
166
166
 
167
167
  params = OneLogin::KlRubySaml::SloLogoutresponse.new.create_params(settings, logout_request.id, "Custom Logout Message", :RelayState => 'http://example.com')
168
168
  assert params['SAMLResponse']
169
169
  assert params[:RelayState]
170
170
  assert params['Signature']
171
171
 
172
- assert_equal params['SigAlg'], XMLSecurity::Document::RSA_SHA512
172
+ assert_equal params['SigAlg'], KlXMLSecurity::Document::RSA_SHA512
173
173
 
174
174
  query_string = "SAMLResponse=#{CGI.escape(params['SAMLResponse'])}"
175
175
  query_string << "&RelayState=#{CGI.escape(params[:RelayState])}"
176
176
  query_string << "&SigAlg=#{CGI.escape(params['SigAlg'])}"
177
177
 
178
- signature_algorithm = XMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
178
+ signature_algorithm = KlXMLSecurity::BaseDocument.new.algorithm(params['SigAlg'])
179
179
  assert_equal signature_algorithm, OpenSSL::Digest::SHA512
180
180
  assert cert.public_key.verify(signature_algorithm.new, Base64.decode64(params['Signature']), query_string)
181
181
  end
data/test/xml_security_test.rb CHANGED
@@ -1,14 +1,14 @@
1
1
  require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
2
- require 'xml_security'
2
+ require 'kl_xml_security'
3
3
  require 'timecop'
4
4
 
5
5
  class XmlSecurityTest < Minitest::Test
6
- include XMLSecurity
6
+ include KlXMLSecurity
7
7
 
8
8
  describe "XmlSecurity" do
9
9
 
10
10
  let(:decoded_response) { Base64.decode64(response_document_without_recipient) }
11
- let(:document) { XMLSecurity::SignedDocument.new(decoded_response) }
11
+ let(:document) { KlXMLSecurity::SignedDocument.new(decoded_response) }
12
12
  let(:settings) { OneLogin::KlRubySaml::Settings.new() }
13
13
 
14
14
  before do
@@ -31,7 +31,7 @@ class XmlSecurityTest < Minitest::Test
31
31
 
32
32
  it "not raise an error when softly validating the document and the X509Certificate is missing" do
33
33
  decoded_response.sub!(/<ds:X509Certificate>.*<\/ds:X509Certificate>/, "")
34
- mod_document = XMLSecurity::SignedDocument.new(decoded_response)
34
+ mod_document = KlXMLSecurity::SignedDocument.new(decoded_response)
35
35
  assert !mod_document.validate_document("a fingerprint", true) # The fingerprint isn't relevant to this test
36
36
  end
37
37
 
@@ -54,7 +54,7 @@ class XmlSecurityTest < Minitest::Test
54
54
  it "should raise Key validation error" do
55
55
  decoded_response.sub!("<ds:DigestValue>pJQ7MS/ek4KRRWGmv/H43ReHYMs=</ds:DigestValue>",
56
56
  "<ds:DigestValue>b9xsAXLsynugg3Wc1CI3kpWku+0=</ds:DigestValue>")
57
- mod_document = XMLSecurity::SignedDocument.new(decoded_response)
57
+ mod_document = KlXMLSecurity::SignedDocument.new(decoded_response)
58
58
  base64cert = mod_document.elements["//ds:X509Certificate"].text
59
59
  exception = assert_raises(OneLogin::KlRubySaml::ValidationError) do
60
60
  mod_document.validate_signature(base64cert, false)
@@ -64,14 +64,14 @@ class XmlSecurityTest < Minitest::Test
64
64
  end
65
65
 
66
66
  it "correctly obtain the digest method with alternate namespace declaration" do
67
- adfs_document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_xmlns, false))
67
+ adfs_document = KlXMLSecurity::SignedDocument.new(fixture(:adfs_response_xmlns, false))
68
68
  base64cert = adfs_document.elements["//X509Certificate"].text
69
69
  assert adfs_document.validate_signature(base64cert, false)
70
70
  end
71
71
 
72
72
  it "raise validation error when the X509Certificate is missing" do
73
73
  decoded_response.sub!(/<ds:X509Certificate>.*<\/ds:X509Certificate>/, "")
74
- mod_document = XMLSecurity::SignedDocument.new(decoded_response)
74
+ mod_document = KlXMLSecurity::SignedDocument.new(decoded_response)
75
75
  exception = assert_raises(OneLogin::KlRubySaml::ValidationError) do
76
76
  mod_document.validate_document("a fingerprint", false) # The fingerprint isn't relevant to this test
77
77
  end
@@ -82,46 +82,46 @@ class XmlSecurityTest < Minitest::Test
82
82
  describe "#canon_algorithm" do
83
83
  it "C14N_EXCLUSIVE_1_0" do
84
84
  canon_algorithm = Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
85
- assert_equal canon_algorithm, XMLSecurity::BaseDocument.new.canon_algorithm("http://www.w3.org/2001/10/xml-exc-c14n#")
86
- assert_equal canon_algorithm, XMLSecurity::BaseDocument.new.canon_algorithm("http://www.w3.org/2001/10/xml-exc-c14n#WithComments")
87
- assert_equal canon_algorithm, XMLSecurity::BaseDocument.new.canon_algorithm("other")
85
+ assert_equal canon_algorithm, KlXMLSecurity::BaseDocument.new.canon_algorithm("http://www.w3.org/2001/10/xml-exc-c14n#")
86
+ assert_equal canon_algorithm, KlXMLSecurity::BaseDocument.new.canon_algorithm("http://www.w3.org/2001/10/xml-exc-c14n#WithComments")
87
+ assert_equal canon_algorithm, KlXMLSecurity::BaseDocument.new.canon_algorithm("other")
88
88
  end
89
89
 
90
90
  it "C14N_1_0" do
91
91
  canon_algorithm = Nokogiri::XML::XML_C14N_1_0
92
- assert_equal canon_algorithm, XMLSecurity::BaseDocument.new.canon_algorithm("http://www.w3.org/TR/2001/REC-xml-c14n-20010315")
92
+ assert_equal canon_algorithm, KlXMLSecurity::BaseDocument.new.canon_algorithm("http://www.w3.org/TR/2001/REC-xml-c14n-20010315")
93
93
  end
94
94
 
95
95
  it "XML_C14N_1_1" do
96
96
  canon_algorithm = Nokogiri::XML::XML_C14N_1_1
97
- assert_equal canon_algorithm, XMLSecurity::BaseDocument.new.canon_algorithm("http://www.w3.org/2006/12/xml-c14n11")
97
+ assert_equal canon_algorithm, KlXMLSecurity::BaseDocument.new.canon_algorithm("http://www.w3.org/2006/12/xml-c14n11")
98
98
  end
99
99
  end
100
100
 
101
101
  describe "#algorithm" do
102
102
  it "SHA1" do
103
103
  alg = OpenSSL::Digest::SHA1
104
- assert_equal alg, XMLSecurity::BaseDocument.new.algorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1")
105
- assert_equal alg, XMLSecurity::BaseDocument.new.algorithm("http://www.w3.org/2000/09/xmldsig#sha1")
106
- assert_equal alg, XMLSecurity::BaseDocument.new.algorithm("other")
104
+ assert_equal alg, KlXMLSecurity::BaseDocument.new.algorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1")
105
+ assert_equal alg, KlXMLSecurity::BaseDocument.new.algorithm("http://www.w3.org/2000/09/xmldsig#sha1")
106
+ assert_equal alg, KlXMLSecurity::BaseDocument.new.algorithm("other")
107
107
  end
108
108
 
109
109
  it "SHA256" do
110
110
  alg = OpenSSL::Digest::SHA256
111
- assert_equal alg, XMLSecurity::BaseDocument.new.algorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
112
- assert_equal alg, XMLSecurity::BaseDocument.new.algorithm("http://www.w3.org/2001/04/xmldsig-more#sha256")
111
+ assert_equal alg, KlXMLSecurity::BaseDocument.new.algorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
112
+ assert_equal alg, KlXMLSecurity::BaseDocument.new.algorithm("http://www.w3.org/2001/04/xmldsig-more#sha256")
113
113
  end
114
114
 
115
115
  it "SHA384" do
116
116
  alg = OpenSSL::Digest::SHA384
117
- assert_equal alg, XMLSecurity::BaseDocument.new.algorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha384")
118
- assert_equal alg, XMLSecurity::BaseDocument.new.algorithm("http://www.w3.org/2001/04/xmldsig-more#sha384")
117
+ assert_equal alg, KlXMLSecurity::BaseDocument.new.algorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha384")
118
+ assert_equal alg, KlXMLSecurity::BaseDocument.new.algorithm("http://www.w3.org/2001/04/xmldsig-more#sha384")
119
119
  end
120
120
 
121
121
  it "SHA512" do
122
122
  alg = OpenSSL::Digest::SHA512
123
- assert_equal alg, XMLSecurity::BaseDocument.new.algorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512")
124
- assert_equal alg, XMLSecurity::BaseDocument.new.algorithm("http://www.w3.org/2001/04/xmldsig-more#sha512")
123
+ assert_equal alg, KlXMLSecurity::BaseDocument.new.algorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512")
124
+ assert_equal alg, KlXMLSecurity::BaseDocument.new.algorithm("http://www.w3.org/2001/04/xmldsig-more#sha512")
125
125
  end
126
126
  end
127
127
 
@@ -133,53 +133,53 @@ class XmlSecurityTest < Minitest::Test
133
133
  sha1_fingerprint_downcase = "f13c6b80905a030e6c913e5d15faddb016454872"
134
134
 
135
135
  assert response_fingerprint_test.document.validate_document(sha1_fingerprint)
136
- assert response_fingerprint_test.document.validate_document(sha1_fingerprint, true, :fingerprint_alg => XMLSecurity::Document::SHA1)
136
+ assert response_fingerprint_test.document.validate_document(sha1_fingerprint, true, :fingerprint_alg => KlXMLSecurity::Document::SHA1)
137
137
 
138
138
  assert response_fingerprint_test.document.validate_document(sha1_fingerprint_downcase)
139
- assert response_fingerprint_test.document.validate_document(sha1_fingerprint_downcase, true, :fingerprint_alg => XMLSecurity::Document::SHA1)
139
+ assert response_fingerprint_test.document.validate_document(sha1_fingerprint_downcase, true, :fingerprint_alg => KlXMLSecurity::Document::SHA1)
140
140
  end
141
141
 
142
142
  it "validate using SHA256" do
143
143
  sha256_fingerprint = "C4:C6:BD:41:EC:AD:57:97:CE:7B:7D:80:06:C3:E4:30:53:29:02:0B:DD:2D:47:02:9E:BD:85:AD:93:02:45:21"
144
144
 
145
145
  assert !response_fingerprint_test.document.validate_document(sha256_fingerprint)
146
- assert response_fingerprint_test.document.validate_document(sha256_fingerprint, true, :fingerprint_alg => XMLSecurity::Document::SHA256)
146
+ assert response_fingerprint_test.document.validate_document(sha256_fingerprint, true, :fingerprint_alg => KlXMLSecurity::Document::SHA256)
147
147
  end
148
148
 
149
149
  it "validate using SHA384" do
150
150
  sha384_fingerprint = "98:FE:17:90:31:E7:68:18:8A:65:4D:DA:F5:76:E2:09:97:BE:8B:E3:7E:AA:8D:63:64:7C:0C:38:23:9A:AC:A2:EC:CE:48:A6:74:4D:E0:4C:50:80:40:B4:8D:55:14:14"
151
151
 
152
152
  assert !response_fingerprint_test.document.validate_document(sha384_fingerprint)
153
- assert response_fingerprint_test.document.validate_document(sha384_fingerprint, true, :fingerprint_alg => XMLSecurity::Document::SHA384)
153
+ assert response_fingerprint_test.document.validate_document(sha384_fingerprint, true, :fingerprint_alg => KlXMLSecurity::Document::SHA384)
154
154
  end
155
155
 
156
156
  it "validate using SHA512" do
157
157
  sha512_fingerprint = "5A:AE:BA:D0:BA:9D:1E:25:05:01:1E:1A:C9:E9:FF:DB:ED:FA:6E:F7:52:EB:45:49:BD:DB:06:D8:A3:7E:CC:63:3A:04:A2:DD:DF:EE:61:05:D9:58:95:2A:77:17:30:4B:EB:4A:9F:48:4A:44:1C:D0:9E:0B:1E:04:77:FD:A3:D2"
158
158
 
159
159
  assert !response_fingerprint_test.document.validate_document(sha512_fingerprint)
160
- assert response_fingerprint_test.document.validate_document(sha512_fingerprint, true, :fingerprint_alg => XMLSecurity::Document::SHA512)
160
+ assert response_fingerprint_test.document.validate_document(sha512_fingerprint, true, :fingerprint_alg => KlXMLSecurity::Document::SHA512)
161
161
  end
162
162
 
163
163
  end
164
164
 
165
165
  describe "Signature Algorithms" do
166
166
  it "validate using SHA1" do
167
- document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha1, false))
167
+ document = KlXMLSecurity::SignedDocument.new(fixture(:adfs_response_sha1, false))
168
168
  assert document.validate_document("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
169
169
  end
170
170
 
171
171
  it "validate using SHA256" do
172
- document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha256, false))
172
+ document = KlXMLSecurity::SignedDocument.new(fixture(:adfs_response_sha256, false))
173
173
  assert document.validate_document("28:74:9B:E8:1F:E8:10:9C:A8:7C:A9:C3:E3:C5:01:6C:92:1C:B4:BA")
174
174
  end
175
175
 
176
176
  it "validate using SHA384" do
177
- document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha384, false))
177
+ document = KlXMLSecurity::SignedDocument.new(fixture(:adfs_response_sha384, false))
178
178
  assert document.validate_document("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
179
179
  end
180
180
 
181
181
  it "validate using SHA512" do
182
- document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_sha512, false))
182
+ document = KlXMLSecurity::SignedDocument.new(fixture(:adfs_response_sha512, false))
183
183
  assert document.validate_document("F1:3C:6B:80:90:5A:03:0E:6C:91:3E:5D:15:FA:DD:B0:16:45:48:72")
184
184
  end
185
185
  end
@@ -189,7 +189,7 @@ class XmlSecurityTest < Minitest::Test
189
189
  describe "#extract_inclusive_namespaces" do
190
190
  it "support explicit namespace resolution for exclusive canonicalization" do
191
191
  response = fixture(:open_saml_response, false)
192
- document = XMLSecurity::SignedDocument.new(response)
192
+ document = KlXMLSecurity::SignedDocument.new(response)
193
193
  inclusive_namespaces = document.send(:extract_inclusive_namespaces)
194
194
 
195
195
  assert_equal %w[ xs ], inclusive_namespaces
@@ -197,7 +197,7 @@ class XmlSecurityTest < Minitest::Test
197
197
 
198
198
  it "support implicit namespace resolution for exclusive canonicalization" do
199
199
  response = fixture(:no_signature_ns, false)
200
- document = XMLSecurity::SignedDocument.new(response)
200
+ document = KlXMLSecurity::SignedDocument.new(response)
201
201
  inclusive_namespaces = document.send(:extract_inclusive_namespaces)
202
202
 
203
203
  assert_equal %w[ #default saml ds xs xsi ], inclusive_namespaces
@@ -219,14 +219,14 @@ class XmlSecurityTest < Minitest::Test
219
219
  response = fixture(:no_signature_ns, false)
220
220
  response.slice! %r{<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default saml ds xs xsi"/>}
221
221
 
222
- document = XMLSecurity::SignedDocument.new(response)
222
+ document = KlXMLSecurity::SignedDocument.new(response)
223
223
  inclusive_namespaces = document.send(:extract_inclusive_namespaces)
224
224
 
225
225
  assert inclusive_namespaces.empty?
226
226
  end
227
227
  end
228
228
 
229
- describe "XMLSecurity::DSIG" do
229
+ describe "KlXMLSecurity::DSIG" do
230
230
  before do
231
231
  settings.idp_sso_target_url = "https://idp.example.com/sso"
232
232
  settings.protocol_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
@@ -241,13 +241,13 @@ class XmlSecurityTest < Minitest::Test
241
241
  request = OneLogin::KlRubySaml::Authrequest.new.create_authentication_xml_doc(settings)
242
242
  request.sign_document(ruby_saml_key, ruby_saml_cert)
243
243
  # verify our signature
244
- signed_doc = XMLSecurity::SignedDocument.new(request.to_s)
244
+ signed_doc = KlXMLSecurity::SignedDocument.new(request.to_s)
245
245
  assert signed_doc.validate_document(ruby_saml_cert_fingerprint, false)
246
246
 
247
247
  request2 = OneLogin::KlRubySaml::Authrequest.new.create_authentication_xml_doc(settings)
248
248
  request2.sign_document(ruby_saml_key, ruby_saml_cert_text)
249
249
  # verify our signature
250
- signed_doc2 = XMLSecurity::SignedDocument.new(request2.to_s)
250
+ signed_doc2 = KlXMLSecurity::SignedDocument.new(request2.to_s)
251
251
  assert signed_doc2.validate_document(ruby_saml_cert_fingerprint, false)
252
252
  end
253
253
 
@@ -256,7 +256,7 @@ class XmlSecurityTest < Minitest::Test
256
256
  request.sign_document(ruby_saml_key, ruby_saml_cert_text)
257
257
 
258
258
  # verify our signature
259
- signed_doc = XMLSecurity::SignedDocument.new(request.to_s)
259
+ signed_doc = KlXMLSecurity::SignedDocument.new(request.to_s)
260
260
  assert signed_doc.validate_document(ruby_saml_cert_fingerprint, false)
261
261
  end
262
262
 
@@ -264,13 +264,13 @@ class XmlSecurityTest < Minitest::Test
264
264
  logout_request = OneLogin::KlRubySaml::Logoutrequest.new.create_logout_request_xml_doc(settings)
265
265
  logout_request.sign_document(ruby_saml_key, ruby_saml_cert)
266
266
  # verify our signature
267
- signed_doc = XMLSecurity::SignedDocument.new(logout_request.to_s)
267
+ signed_doc = KlXMLSecurity::SignedDocument.new(logout_request.to_s)
268
268
  assert signed_doc.validate_document(ruby_saml_cert_fingerprint, false)
269
269
 
270
270
  logout_request2 = OneLogin::KlRubySaml::Logoutrequest.new.create_logout_request_xml_doc(settings)
271
271
  logout_request2.sign_document(ruby_saml_key, ruby_saml_cert_text)
272
272
  # verify our signature
273
- signed_doc2 = XMLSecurity::SignedDocument.new(logout_request2.to_s)
273
+ signed_doc2 = KlXMLSecurity::SignedDocument.new(logout_request2.to_s)
274
274
  signed_doc2.validate_document(ruby_saml_cert_fingerprint, false)
275
275
  assert signed_doc2.validate_document(ruby_saml_cert_fingerprint, false)
276
276
  end
@@ -279,13 +279,13 @@ class XmlSecurityTest < Minitest::Test
279
279
  logout_response = OneLogin::KlRubySaml::SloLogoutresponse.new.create_logout_response_xml_doc(settings, 'request_id_example', "Custom Logout Message")
280
280
  logout_response.sign_document(ruby_saml_key, ruby_saml_cert)
281
281
  # verify our signature
282
- signed_doc = XMLSecurity::SignedDocument.new(logout_response.to_s)
282
+ signed_doc = KlXMLSecurity::SignedDocument.new(logout_response.to_s)
283
283
  assert signed_doc.validate_document(ruby_saml_cert_fingerprint, false)
284
284
 
285
285
  logout_response2 = OneLogin::KlRubySaml::SloLogoutresponse.new.create_logout_response_xml_doc(settings, 'request_id_example', "Custom Logout Message")
286
286
  logout_response2.sign_document(ruby_saml_key, ruby_saml_cert_text)
287
287
  # verify our signature
288
- signed_doc2 = XMLSecurity::SignedDocument.new(logout_response2.to_s)
288
+ signed_doc2 = KlXMLSecurity::SignedDocument.new(logout_response2.to_s)
289
289
  signed_doc2.validate_document(ruby_saml_cert_fingerprint, false)
290
290
  assert signed_doc2.validate_document(ruby_saml_cert_fingerprint, false)
291
291
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: kl-ruby-saml
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.4
4
+ version: 0.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - OneLogin LLC
@@ -170,6 +170,7 @@ files:
170
170
  - gemfiles/nokogiri-1.5.gemfile
171
171
  - kl-ruby-saml.gemspec
172
172
  - lib/kl-ruby-saml.rb
173
+ - lib/kl_xml_security.rb
173
174
  - lib/onelogin/kl-ruby-saml.rb
174
175
  - lib/onelogin/kl-ruby-saml/attribute_service.rb
175
176
  - lib/onelogin/kl-ruby-saml/attributes.rb
@@ -200,7 +201,6 @@ files:
200
201
  - lib/schemas/xenc-schema.xsd
201
202
  - lib/schemas/xml.xsd
202
203
  - lib/schemas/xmldsig-core-schema.xsd
203
- - lib/xml_security.rb
204
204
  - test/certificates/certificate1
205
205
  - test/certificates/certificate_without_head_foot
206
206
  - test/certificates/formatted_certificate