ruby-saml-mod 0.1.12 → 0.1.13

Files changed (3) hide show
  1. data/lib/xml_sec.rb +24 -6
  2. data/ruby-saml-mod.gemspec +2 -2
  3. metadata +4 -4
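--- a/data/lib/xml_sec.rb
+++ b/data/lib/xml_sec.rb
@@ -28,7 +28,7 @@ require "openssl"
 require "digest/sha1"
 require "tempfile"
 require "shellwords"
-
+
 module XMLSecurity
 module SignedDocument
 attr_reader :validation_error
@@ -50,16 +50,34 @@ module XMLSecurity
 validate_doc(base64_cert, logger)
 end
 
-def canonicalize_node(node)
+def canonicalize_doc(doc, method)
+# this is not robust enough, but a switch to libxmlsec replacing all
+# the hackery is imminent, so I'm not going to spend a lot of time on it.
+mode = 0; comments = false
+if method
+mode = 1 if method =~ %r{xml-exc-c14n}
+mode = 2 if method =~ %r{xml-c14n11}
+comments = method =~ %r{#withcomments}i
+end
+doc.canonicalize(:mode => mode, :comments => comments)
+end
+
+def canonicalize_node(node, method)
 tmp_document = LibXML::XML::Document.new
 tmp_document.root = tmp_document.import(node)
-tmp_document.canonicalize
+canonicalize_doc(tmp_document, method)
 end
 
 def validate_doc(base64_cert, logger)
 # validate references
 sig_element = find_first("//ds:Signature", { "ds" => "http://www.w3.org/2000/09/xmldsig#" })
-
+
+c14n_method = nil
+c14n_method_element = sig_element.find_first(".//ds:CanonicalizationMethod", { "ds" => "http://www.w3.org/2000/09/xmldsig#" })
+if c14n_method_element
+c14n_method = c14n_method_element["Algorithm"]
+end
+
 # check digests
 sig_element.find(".//ds:Reference", { "ds" => "http://www.w3.org/2000/09/xmldsig#" }).each do |ref|
 # Find the referenced element
@@ -75,7 +93,7 @@ module XMLSecurity
 ref_document_sig_element.remove! if ref_document_sig_element
 
 # Canonicalize the referenced element's document
-ref_document_canonicalized = ref_document.canonicalize
+ref_document_canonicalized = canonicalize_doc(ref_document, c14n_method)
 hash = Base64::encode64(Digest::SHA1.digest(ref_document_canonicalized)).chomp
 digest_value = sig_element.find_first(".//ds:DigestValue", { "ds" => "http://www.w3.org/2000/09/xmldsig#" }).content
 
@@ -97,7 +115,7 @@ module XMLSecurity
 
 # verify signature
 signed_info_element = sig_element.find_first(".//ds:SignedInfo", { "ds" => "http://www.w3.org/2000/09/xmldsig#" })
-canon_string = canonicalize_node(signed_info_element)
+canon_string = canonicalize_node(signed_info_element, c14n_method)
 
 base64_signature = sig_element.find_first(".//ds:SignatureValue", { "ds" => "http://www.w3.org/2000/09/xmldsig#" }).content
 signature = Base64.decode64(base64_signature)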
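Review bot: The new `canonicalize_doc` (top of the second hunk) silently falls back to inclusive C14N 1.0 whenever the `Algorithm` URI does not substring-match `xml-exc-c14n` or `xml-c14n11`, so a verifier handed an unrecognized or malformed CanonicalizationMethod guesses instead of failing; signature-verification code should match the full spec URIs and reject anything else, using whatever failure path `validate_doc` already takes on a digest mismatch (that path lies outside the hunk, as does the rest of `validate_doc`). The SignedInfo algorithm is also reused for every Reference digest via `canonicalize_doc(ref_document, c14n_method)`, but XMLDSig gives each Reference its own `ds:Transforms/ds:Transform[@Algorithm]`, so an assertion whose references are canonicalized differently from SignedInfo will fail the digest check for the wrong reason, and exclusive C14N's `InclusiveNamespaces/@PrefixList` is ignored altogether (whether libxml-ruby's `canonicalize` can take one is not visible here). Minor: `comments = method =~ %r{#withcomments}i` yields an Integer or nil rather than a boolean, so `:comments => !!(...)` would make the option unambiguous. A fail-closed version of the helper that pins the exact URIs is sketched below; the per-Reference transform lookup would additionally replace `c14n_method` in the Reference loop with the algorithm read from that Reference's own `ds:Transform`.
```ruby
def canonicalize_doc(doc, method)
  # Fail closed: a verifier must not guess when the signed algorithm URI is unknown.
  uri = method.to_s
  with_comments = !!(uri =~ /#WithComments\z/i)
  mode = case uri
  when "", %r{\Ahttp://www\.w3\.org/TR/2001/REC-xml-c14n-20010315(#WithComments)?\z}i then 0
  when %r{\Ahttp://www\.w3\.org/2001/10/xml-exc-c14n#(WithComments)?\z}i then 1
  when %r{\Ahttp://www\.w3\.org/2006/12/xml-c14n11(#WithComments)?\z}i then 2
  else raise ArgumentError, "unsupported CanonicalizationMethod #{uri.inspect}"
  end
  doc.canonicalize(:mode => mode, :comments => with_comments)
end
```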
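--- a/data/ruby-saml-mod.gemspec
+++ b/data/ruby-saml-mod.gemspec
@@ -1,9 +1,9 @@
 Gem::Specification.new do |s|
 s.name = %q{ruby-saml-mod}
-s.version = "0.1.12"
+s.version = "0.1.13"
 
 s.authors = ["OneLogin LLC", "Bracken", "Zach", "Cody"]
-s.date = %q{2012-05-12}
+s.date = %q{2012-05-13}
 s.extra_rdoc_files = [
 "LICENSE"
 ]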
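--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: ruby-saml-mod
 version: !ruby/object:Gem::Version
-hash: 3
+hash: 1
 prerelease:
 segments:
 - 0
 - 1
-- 12
-version: 0.1.12
+- 13
+version: 0.1.13
 platform: ruby
 authors:
 - OneLogin LLC
@@ -18,7 +18,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-05-12 00:00:00 Z
+date: 2012-05-13 00:00:00 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: libxml-ruby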