ruby-saml-mod 0.1.28 → 0.1.29

Files changed (4) hide show
  1. data/lib/xml_sec.rb +41 -4
  2. data/ruby-saml-mod.gemspec +1 -1
  3. metadata +18 -12
  4. checksums.yaml +0 -7
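--- a/data/lib/xml_sec.rb
+++ b/data/lib/xml_sec.rb
@@ -84,7 +84,7 @@ module XMLSecurity
 
  class XmlSecPtrList < FFI::Struct
  layout \
- :id, :string,
+ :id, :pointer,
  :data, :pointer, # xmlSecPtr*
  :use, :uint,
  :max, :uint,
@@ -120,6 +120,19 @@ module XMLSecurity
  :reserved1, :pointer # void *
  end
 
+ class XmlSecTransformUriType
+ None = 0x0000
+ Empty = 0x0001
+ SameDocument = 0x0002
+ Local = 0x0004
+ Remote = 0x0008
+ Any = 0xFFFF
+
+ def self.conservative
+ (Empty | SameDocument)
+ end
+ end
+
  class XmlSecKeyInfoCtx < FFI::Struct
  layout \
  :userDate, :pointer,
@@ -152,7 +165,7 @@ module XMLSecurity
  :keyInfoWriteCtx, XmlSecKeyInfoCtx.by_value,
  :transformCtx, XmlSecTransformCtx.by_value,
  :enabledReferenceUris, :uint, # xmlSecTransformUriType
- :enabledReferenceTransforms, :pointer, # xmlSecPtrListPtr
+ :enabledReferenceTransforms, XmlSecPtrList.by_ref, # xmlSecPtrListPtr
  :referencePreExecuteCallback, :pointer, # xmlSecTransformCtxPreExecuteCallback
  :defSignMethodId, :string, # xmlSecTransformId
  :defC14NMethodId, :string, # xmlSecTransformId
@@ -223,8 +236,12 @@ module XMLSecurity
 
  attach_function :xmlSecDSigCtxSign, [ :pointer, :pointer ], :int
 
-
-
+ attach_function :xmlSecDSigCtxEnableReferenceTransform, [ :pointer, :pointer ], :int
+ attach_function :xmlSecPtrListAdd, [ :pointer, :pointer ], :int
+ attach_function :xmlSecPtrListGetItem, [ :pointer, :uint ], :pointer
+ attach_function :xmlSecPtrListGetSize, [ :pointer ], :uint
+ attach_function :xmlSecTransformIdsGet, [], :pointer
+ attach_function :xmlSecTransformXsltGetKlass, [], :pointer
 
  # libxml functions
  attach_function :xmlInitParser, [], :void
@@ -269,6 +286,23 @@ module XMLSecurity
  xmlSecErrorsDefaultCallbackEnableOutput(true)
  end
 
+ def self.disable_xslt_transforms!(dsig_context)
+ all_transforms = XMLSecurity.xmlSecTransformIdsGet
+
+ (0...XMLSecurity.xmlSecPtrListGetSize(all_transforms)).each do |pos|
+ transform = XMLSecurity.xmlSecPtrListGetItem(all_transforms, pos)
+ unless transform == XMLSecurity.xmlSecTransformXsltGetKlass
+ XMLSecurity.xmlSecPtrListAdd(dsig_context[:transformCtx][:enabledTransforms], transform)
+ XMLSecurity.xmlSecDSigCtxEnableReferenceTransform(dsig_context, transform)
+ end
+ end
+ end
+
+ def self.disable_remote_references!(dsig_context)
+ dsig_context[:transformCtx][:enabledUris] = XmlSecTransformUriType.conservative
+ dsig_context[:enabledReferenceUris] = XmlSecTransformUriType.conservative
+ end
+
  module SignedDocument
  attr_reader :validation_error
 
@@ -366,6 +400,9 @@ module XMLSecurity
  ctx = XMLSecurity.xmlSecDSigCtxCreate(kmgr)
  raise "failed creating digital signature context" if ctx.null?
 
+ XMLSecurity.disable_xslt_transforms!(ctx)
+ XMLSecurity.disable_remote_references!(ctx)
+
  # verify!
  raise "failed verifying dsig" if XMLSecurity.xmlSecDSigCtxVerify(ctx, node) < 0
  result = ctx[:status] == :xmlSecDSigStatusSucceeded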
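Review bot: In `disable_xslt_transforms!` the `:int` results of `xmlSecPtrListAdd` and `xmlSecDSigCtxEnableReferenceTransform` are discarded, so a failed add goes unnoticed. As far as I know xmlsec treats an empty enabled-transforms list as "every transform allowed", so if the adds fail, or `xmlSecTransformIdsGet` returns a list of size 0, verification would run with XSLT still available and the hardening fails open. The file's existing `raise "failed ..." if ... < 0` pattern would close this: `raise "failed enabling transform" if XMLSecurity.xmlSecPtrListAdd(dsig_context[:transformCtx][:enabledTransforms], transform) < 0`, the same check on `xmlSecDSigCtxEnableReferenceTransform`, and a raise when the registered list is empty. A short comment on both helpers saying that they restrict signature processing to non-XSLT transforms and to empty or same-document reference URIs would also record why they must run before `xmlSecDSigCtxVerify`. The method that calls them starts and ends outside the last hunk, so whether other DSig contexts in the file get the same treatment cannot be confirmed from here.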
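--- a/data/ruby-saml-mod.gemspec
+++ b/data/ruby-saml-mod.gemspec
@@ -1,6 +1,6 @@
  Gem::Specification.new do |s|
  s.name = %q{ruby-saml-mod}
- s.version = "0.1.28"
+ s.version = "0.1.29"
 
  s.authors = ["OneLogin LLC", "Bracken", "Zach", "Cody", "Jeremy", "Paul"]
  s.date = %q{2014-05-05}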
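--- a/metadata
+++ b/metadata
@@ -1,7 +1,8 @@
  --- !ruby/object:Gem::Specification
  name: ruby-saml-mod
  version: !ruby/object:Gem::Version
- version: 0.1.28
+ version: 0.1.29
+ prerelease:
  platform: ruby
  authors:
  - OneLogin LLC
@@ -18,33 +19,37 @@ dependencies:
  - !ruby/object:Gem::Dependency
  name: libxml-ruby
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: 2.3.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: 2.3.0
  - !ruby/object:Gem::Dependency
  name: ffi
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
- description: 'This is an early fork from https://github.com/onelogin/ruby-saml - I
- plan to "rebase" these changes ontop of their current version eventually. '
+ description: ! 'This is an early fork from https://github.com/onelogin/ruby-saml -
+ I plan to "rebase" these changes ontop of their current version eventually. '
  email:
  executables: []
  extensions: []
@@ -67,25 +72,26 @@ files:
  - ruby-saml-mod.gemspec
  homepage: http://github.com/bracken/ruby-saml
  licenses: []
- metadata: {}
  post_install_message:
  rdoc_options: []
  require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.2.2
+ rubygems_version: 1.8.23.2
  signing_key:
- specification_version: 4
+ specification_version: 3
  summary: Ruby library for SAML service providers
  test_files: []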
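--- a/checksums.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
- ---
- SHA1:
- metadata.gz: 364210a5dc8d2c29558b9b0a19c258f64cdb1c9b
- data.tar.gz: 5c389976863d3d599ea7fdcf1c91932f0418b169
- SHA512:
- metadata.gz: b025fe482372d414d6fc263f5bbc2623e7070daa3d5fe8e2f6004b9e51494260f0746339d71791e7911c10be75b5f692069f2a98dc3d8e99985bf99c39cdab63
- data.tar.gz: 5826d046b3eccb253f38611afde71d6e602778b1e998d3baf3c7ba1629505821b60bfc4687f8f9e5e63164a305b429adfd39b6ccbd2358450636161eb6a73cdd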