ruby-saml-mod 0.1.11 → 0.1.12
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/xml_sec.rb +5 -6
- data/ruby-saml-mod.gemspec +2 -2
- metadata +5 -4
data/lib/xml_sec.rb
CHANGED
|
@@ -58,11 +58,10 @@ module XMLSecurity
|
|
|
58
58
|
|
|
59
59
|
def validate_doc(base64_cert, logger)
|
|
60
60
|
# validate references
|
|
61
|
-
|
|
62
61
|
sig_element = find_first("//ds:Signature", { "ds" => "http://www.w3.org/2000/09/xmldsig#" })
|
|
63
62
|
|
|
64
63
|
# check digests
|
|
65
|
-
sig_element.find("
|
|
64
|
+
sig_element.find(".//ds:Reference", { "ds" => "http://www.w3.org/2000/09/xmldsig#" }).each do |ref|
|
|
66
65
|
# Find the referenced element
|
|
67
66
|
uri = ref["URI"]
|
|
68
67
|
ref_element = find_first("//*[@ID='#{uri[1,uri.size]}']")
|
|
@@ -72,13 +71,13 @@ module XMLSecurity
|
|
|
72
71
|
ref_document.root = ref_document.import(ref_element)
|
|
73
72
|
|
|
74
73
|
# Remove the Signature node
|
|
75
|
-
ref_document_sig_element = ref_document.find_first("
|
|
74
|
+
ref_document_sig_element = ref_document.find_first(".//ds:Signature", { "ds" => "http://www.w3.org/2000/09/xmldsig#" })
|
|
76
75
|
ref_document_sig_element.remove! if ref_document_sig_element
|
|
77
76
|
|
|
78
77
|
# Canonicalize the referenced element's document
|
|
79
78
|
ref_document_canonicalized = ref_document.canonicalize
|
|
80
79
|
hash = Base64::encode64(Digest::SHA1.digest(ref_document_canonicalized)).chomp
|
|
81
|
-
digest_value = sig_element.find_first("
|
|
80
|
+
digest_value = sig_element.find_first(".//ds:DigestValue", { "ds" => "http://www.w3.org/2000/09/xmldsig#" }).content
|
|
82
81
|
|
|
83
82
|
if hash != digest_value
|
|
84
83
|
@validation_error = <<-EOF.gsub(/^\s+/, '')
|
|
@@ -97,10 +96,10 @@ module XMLSecurity
|
|
|
97
96
|
end
|
|
98
97
|
|
|
99
98
|
# verify signature
|
|
100
|
-
signed_info_element = sig_element.find_first("
|
|
99
|
+
signed_info_element = sig_element.find_first(".//ds:SignedInfo", { "ds" => "http://www.w3.org/2000/09/xmldsig#" })
|
|
101
100
|
canon_string = canonicalize_node(signed_info_element)
|
|
102
101
|
|
|
103
|
-
base64_signature = sig_element.find_first("
|
|
102
|
+
base64_signature = sig_element.find_first(".//ds:SignatureValue", { "ds" => "http://www.w3.org/2000/09/xmldsig#" }).content
|
|
104
103
|
signature = Base64.decode64(base64_signature)
|
|
105
104
|
|
|
106
105
|
cert_text = Base64.decode64(base64_cert)
|
data/ruby-saml-mod.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ruby-saml-mod
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 3
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 1
|
|
9
|
-
-
|
|
10
|
-
version: 0.1.
|
|
9
|
+
- 12
|
|
10
|
+
version: 0.1.12
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- OneLogin LLC
|
|
@@ -18,7 +18,7 @@ autorequire:
|
|
|
18
18
|
bindir: bin
|
|
19
19
|
cert_chain: []
|
|
20
20
|
|
|
21
|
-
date: 2012-05-
|
|
21
|
+
date: 2012-05-12 00:00:00 Z
|
|
22
22
|
dependencies:
|
|
23
23
|
- !ruby/object:Gem::Dependency
|
|
24
24
|
name: libxml-ruby
|
|
@@ -94,3 +94,4 @@ specification_version: 3
|
|
|
94
94
|
summary: Ruby library for SAML service providers
|
|
95
95
|
test_files: []
|
|
96
96
|
|
|
97
|
+
has_rdoc:
|