omniauth-latvija 5.0.0 → 6.0.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 962c2888b86b4eb1b8b3354a8fc8410afb71fbd36804d2f1d032ac79acc1a496
|
4
|
+
data.tar.gz: 51403707278ddc99297a0ae49707960cde28e425f08db41e134edbf601533a4e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cbe1a3e2097c8417210cc71effd54098230a7ddc9e7f2f6e315098bcf0dc9d1f9959c125cae74b46c8b4095d7eecfb738b1e7a432407c1a96e146810a87e3c4f
|
7
|
+
data.tar.gz: d077eb5f9a46a4654017a12a7a3fc7e1afa904a0c99c989bbeb3719f576a32d4c6faf5ea41c1bf5ee84f77d9c6bab940f47d638901a025135c91f6eba13a54e5
|
@@ -67,7 +67,7 @@ module OmniAuth::Strategies
|
|
67
67
|
|
68
68
|
def fingerprint
|
69
69
|
cert = OpenSSL::X509::Certificate.new(options[:certificate])
|
70
|
-
Digest::
|
70
|
+
Digest::SHA256.hexdigest(cert.to_der).upcase.scan(/../).join(':')
|
71
71
|
end
|
72
72
|
|
73
73
|
def conditions_tag
|
@@ -64,8 +64,18 @@ module OmniAuth::Strategies
|
|
64
64
|
end
|
65
65
|
end
|
66
66
|
|
67
|
+
def digest_method_class(reference)
|
68
|
+
value = reference.xpath('.//xmlns:DigestMethod', xmlns: DSIG).attribute('Algorithm').value
|
69
|
+
value == "#{DSIG}sha1" ? Digest::SHA1 : Digest::SHA256
|
70
|
+
end
|
71
|
+
|
72
|
+
def signature_method_class(sig_element)
|
73
|
+
value = sig_element.xpath('.//xmlns:SignatureMethod', xmlns: DSIG).attribute('Algorithm').value
|
74
|
+
value == "#{DSIG}rsa-sha1" ? OpenSSL::Digest::SHA1 : OpenSSL::Digest::SHA256
|
75
|
+
end
|
76
|
+
|
67
77
|
def validate_fingerprint!(idp_cert_fingerprint)
|
68
|
-
fingerprint = Digest::
|
78
|
+
fingerprint = Digest::SHA256.hexdigest(certificate.to_der)
|
69
79
|
if fingerprint != idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/, '').downcase
|
70
80
|
raise ValidationError, 'Fingerprint mismatch'
|
71
81
|
end
|
@@ -80,7 +90,7 @@ module OmniAuth::Strategies
|
|
80
90
|
hashed_element = response_without_signature.
|
81
91
|
at_xpath("//*[@AssertionID='#{uri[1, uri.size]}']").
|
82
92
|
canonicalize(CANON_MODE)
|
83
|
-
hash = Base64.encode64(
|
93
|
+
hash = Base64.encode64(digest_method_class(ref).digest(hashed_element)).chomp
|
84
94
|
digest_value = ref.xpath('.//xmlns:DigestValue', xmlns: DSIG).text
|
85
95
|
|
86
96
|
raise ValidationError, 'Digest mismatch' if hash != digest_value
|
@@ -94,7 +104,7 @@ module OmniAuth::Strategies
|
|
94
104
|
base64_signature = sig_element.xpath('.//xmlns:SignatureValue', xmlns: DSIG).text
|
95
105
|
signature = Base64.decode64(base64_signature)
|
96
106
|
|
97
|
-
unless certificate.public_key.verify(
|
107
|
+
unless certificate.public_key.verify(signature_method_class(sig_element).new, signature, signed_info_element)
|
98
108
|
raise ValidationError, 'Key validation error'
|
99
109
|
end
|
100
110
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-latvija
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 6.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Edgars Beigarts
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-06-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: omniauth
|
@@ -169,8 +169,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
169
169
|
- !ruby/object:Gem::Version
|
170
170
|
version: '0'
|
171
171
|
requirements: []
|
172
|
-
|
173
|
-
rubygems_version: 2.7.6
|
172
|
+
rubygems_version: 3.0.6
|
174
173
|
signing_key:
|
175
174
|
specification_version: 4
|
176
175
|
summary: Latvija.lv authentication strategy for OmniAuth
|