RubyGems - omniauth-latvija - Versions diffs - 5.0.0 → 6.0.0 - Mend

omniauth-latvija 5.0.0 → 6.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/omniauth-latvija/version.rb +1 -1
data/lib/omniauth/strategies/latvija.rb +1 -0
data/lib/omniauth/strategies/latvija/response.rb +1 -1
data/lib/omniauth/strategies/latvija/signed_document.rb +13 -3
metadata +3 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9bd3dccbc8a7d0c3085a09fdbdfcade5add5a37957b3feb2bfc39db7a645ff6e
-  data.tar.gz: 6ecb7bd1e3a242e1e7fce010e4902c7937953da93abda12b2567c7fd61e1f2e0
+  metadata.gz: 962c2888b86b4eb1b8b3354a8fc8410afb71fbd36804d2f1d032ac79acc1a496
+  data.tar.gz: 51403707278ddc99297a0ae49707960cde28e425f08db41e134edbf601533a4e
 SHA512:
-  metadata.gz: 9ce3aac6b6409192882ea39b190dd77b5e364bc038c7204d6bdaeb76b546529eaf9b60c07cb445b36b57216379b9977257775a94bda4b64eaa5f1e3a2392d9df
-  data.tar.gz: 9a951c691b8314fd084a490cbe528e66901bf77da147f6412eeedd7208b334df9998e966c32accf02002c880524cd3e9b9300b97fb1c0c90907e2e79e0051f43
+  metadata.gz: cbe1a3e2097c8417210cc71effd54098230a7ddc9e7f2f6e315098bcf0dc9d1f9959c125cae74b46c8b4095d7eecfb738b1e7a432407c1a96e146810a87e3c4f
+  data.tar.gz: d077eb5f9a46a4654017a12a7a3fc7e1afa904a0c99c989bbeb3719f576a32d4c6faf5ea41c1bf5ee84f77d9c6bab940f47d638901a025135c91f6eba13a54e5

data/lib/omniauth-latvija/version.rb CHANGED

@@ -1,5 +1,5 @@
 module OmniAuth
   module Latvija
-    VERSION = '5.0.0'
+    VERSION = '6.0.0'
   end
 end

data/lib/omniauth/strategies/latvija.rb CHANGED

@@ -1,6 +1,7 @@
 require 'time'
 require 'openssl'
 require 'digest/sha1'
+require 'digest/sha2'
 require 'xmlenc'
 require 'nokogiri'
 require 'omniauth/strategies/latvija/response'

data/lib/omniauth/strategies/latvija/response.rb CHANGED

@@ -67,7 +67,7 @@ module OmniAuth::Strategies
       def fingerprint
         cert = OpenSSL::X509::Certificate.new(options[:certificate])
-        Digest::SHA1.hexdigest(cert.to_der).upcase.scan(/../).join(':')
+        Digest::SHA256.hexdigest(cert.to_der).upcase.scan(/../).join(':')
       end
       def conditions_tag

data/lib/omniauth/strategies/latvija/signed_document.rb CHANGED

@@ -64,8 +64,18 @@ module OmniAuth::Strategies
         end
       end
+      def digest_method_class(reference)
+        value = reference.xpath('.//xmlns:DigestMethod', xmlns: DSIG).attribute('Algorithm').value
+        value == "#{DSIG}sha1" ? Digest::SHA1 : Digest::SHA256
+      end
+      def signature_method_class(sig_element)
+        value = sig_element.xpath('.//xmlns:SignatureMethod', xmlns: DSIG).attribute('Algorithm').value
+        value == "#{DSIG}rsa-sha1" ? OpenSSL::Digest::SHA1 : OpenSSL::Digest::SHA256
+      end
       def validate_fingerprint!(idp_cert_fingerprint)
-        fingerprint = Digest::SHA1.hexdigest(certificate.to_der)
+        fingerprint = Digest::SHA256.hexdigest(certificate.to_der)
         if fingerprint != idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/, '').downcase
           raise ValidationError, 'Fingerprint mismatch'
         end
@@ -80,7 +90,7 @@ module OmniAuth::Strategies
           hashed_element = response_without_signature.
             at_xpath("//*[@AssertionID='#{uri[1, uri.size]}']").
             canonicalize(CANON_MODE)
-          hash           = Base64.encode64(Digest::SHA1.digest(hashed_element)).chomp
+          hash           = Base64.encode64(digest_method_class(ref).digest(hashed_element)).chomp
           digest_value   = ref.xpath('.//xmlns:DigestValue', xmlns: DSIG).text
           raise ValidationError, 'Digest mismatch' if hash != digest_value
@@ -94,7 +104,7 @@ module OmniAuth::Strategies
         base64_signature    = sig_element.xpath('.//xmlns:SignatureValue', xmlns: DSIG).text
         signature           = Base64.decode64(base64_signature)
-        unless certificate.public_key.verify(OpenSSL::Digest::SHA1.new, signature, signed_info_element)
+        unless certificate.public_key.verify(signature_method_class(sig_element).new, signature, signed_info_element)
           raise ValidationError, 'Key validation error'
         end
       end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-latvija
 version: !ruby/object:Gem::Version
-  version: 5.0.0
+  version: 6.0.0
 platform: ruby
 authors:
 - Edgars Beigarts
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-11-12 00:00:00.000000000 Z
+date: 2020-06-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -169,8 +169,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.6
+rubygems_version: 3.0.6
 signing_key:
 specification_version: 4
 summary: Latvija.lv authentication strategy for OmniAuth