RubyGems - omniauth-latvija - Versions diffs - 5.0.0 → 6.0.0 - Mend

omniauth-latvija 5.0.0 → 6.0.0

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/omniauth-latvija/version.rb +1 -1
data/lib/omniauth/strategies/latvija.rb +1 -0
data/lib/omniauth/strategies/latvija/response.rb +1 -1
data/lib/omniauth/strategies/latvija/signed_document.rb +13 -3
metadata +3 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9bd3dccbc8a7d0c3085a09fdbdfcade5add5a37957b3feb2bfc39db7a645ff6e
-  data.tar.gz: 6ecb7bd1e3a242e1e7fce010e4902c7937953da93abda12b2567c7fd61e1f2e0
+  metadata.gz: 962c2888b86b4eb1b8b3354a8fc8410afb71fbd36804d2f1d032ac79acc1a496
+  data.tar.gz: 51403707278ddc99297a0ae49707960cde28e425f08db41e134edbf601533a4e
 SHA512:
-  metadata.gz: 9ce3aac6b6409192882ea39b190dd77b5e364bc038c7204d6bdaeb76b546529eaf9b60c07cb445b36b57216379b9977257775a94bda4b64eaa5f1e3a2392d9df
-  data.tar.gz: 9a951c691b8314fd084a490cbe528e66901bf77da147f6412eeedd7208b334df9998e966c32accf02002c880524cd3e9b9300b97fb1c0c90907e2e79e0051f43
+  metadata.gz: cbe1a3e2097c8417210cc71effd54098230a7ddc9e7f2f6e315098bcf0dc9d1f9959c125cae74b46c8b4095d7eecfb738b1e7a432407c1a96e146810a87e3c4f
+  data.tar.gz: d077eb5f9a46a4654017a12a7a3fc7e1afa904a0c99c989bbeb3719f576a32d4c6faf5ea41c1bf5ee84f77d9c6bab940f47d638901a025135c91f6eba13a54e5

data/lib/omniauth-latvija/version.rb CHANGED

@@ -1,5 +1,5 @@
 module OmniAuth
   module Latvija
-    VERSION = '5.0.0'
+    VERSION = '6.0.0'
   end
 end

data/lib/omniauth/strategies/latvija.rb CHANGED

@@ -1,6 +1,7 @@
 require 'time'
 require 'openssl'
 require 'digest/sha1'
+require 'digest/sha2'
 require 'xmlenc'
 require 'nokogiri'
 require 'omniauth/strategies/latvija/response'

data/lib/omniauth/strategies/latvija/response.rb CHANGED

@@ -67,7 +67,7 @@ module OmniAuth::Strategies
       def fingerprint
         cert = OpenSSL::X509::Certificate.new(options[:certificate])
-        Digest::SHA1.hexdigest(cert.to_der).upcase.scan(/../).join(':')
+        Digest::SHA256.hexdigest(cert.to_der).upcase.scan(/../).join(':')
       end
       def conditions_tag

data/lib/omniauth/strategies/latvija/signed_document.rb CHANGED

@@ -64,8 +64,18 @@ module OmniAuth::Strategies
         end
       end
+      def digest_method_class(reference)
+        value = reference.xpath('.//xmlns:DigestMethod', xmlns: DSIG).attribute('Algorithm').value
+        value == "#{DSIG}sha1" ? Digest::SHA1 : Digest::SHA256
+      end
+      def signature_method_class(sig_element)
+        value = sig_element.xpath('.//xmlns:SignatureMethod', xmlns: DSIG).attribute('Algorithm').value
+        value == "#{DSIG}rsa-sha1" ? OpenSSL::Digest::SHA1 : OpenSSL::Digest::SHA256
+      end
       def validate_fingerprint!(idp_cert_fingerprint)
-        fingerprint = Digest::SHA1.hexdigest(certificate.to_der)
+        fingerprint = Digest::SHA256.hexdigest(certificate.to_der)
         if fingerprint != idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/, '').downcase
           raise ValidationError, 'Fingerprint mismatch'
         end
@@ -80,7 +90,7 @@ module OmniAuth::Strategies
           hashed_element = response_without_signature.
             at_xpath("//*[@AssertionID='#{uri[1, uri.size]}']").
             canonicalize(CANON_MODE)
-          hash           = Base64.encode64(Digest::SHA1.digest(hashed_element)).chomp
+          hash           = Base64.encode64(digest_method_class(ref).digest(hashed_element)).chomp
           digest_value   = ref.xpath('.//xmlns:DigestValue', xmlns: DSIG).text
           raise ValidationError, 'Digest mismatch' if hash != digest_value
@@ -94,7 +104,7 @@ module OmniAuth::Strategies
         base64_signature    = sig_element.xpath('.//xmlns:SignatureValue', xmlns: DSIG).text
         signature           = Base64.decode64(base64_signature)
-        unless certificate.public_key.verify(OpenSSL::Digest::SHA1.new, signature, signed_info_element)
+        unless certificate.public_key.verify(signature_method_class(sig_element).new, signature, signed_info_element)
           raise ValidationError, 'Key validation error'
         end
       end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-latvija
 version: !ruby/object:Gem::Version
-  version: 5.0.0
+  version: 6.0.0
 platform: ruby
 authors:
 - Edgars Beigarts
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-11-12 00:00:00.000000000 Z
+date: 2020-06-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -169,8 +169,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.6
+rubygems_version: 3.0.6
 signing_key:
 specification_version: 4
 summary: Latvija.lv authentication strategy for OmniAuth