ruby-saml 0.4.4 → 0.4.5



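--- a/data/Rakefile
+++ b/data/Rakefile
@@ -10,7 +10,7 @@ begin
  gem.email = "support@onelogin.com"
  gem.homepage = "http://github.com/onelogin/ruby-saml"
  gem.authors = ["OneLogin LLC"]
- gem.add_dependency("xmlcanonicalizer","~> 0.1")
+ gem.add_dependency("canonix","~> 0.1")
  gem.add_dependency("uuid","~> 2.3")
  gem.add_development_dependency "shoulda"
  gem.add_development_dependency "mocha"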
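Review bot: The new `canonix` dependency on line 13 sits directly in the XML-signature verification path (it replaces the canonicalizer the signed-document check relies on), and `~> 0.1` admits every release from 0.1 up to but excluding 1.0, so a later canonix minor that changes canonical output could alter whether signed responses validate with no change to this gem. Since this also swaps one third-party gem for another by name, confirm the gem is the intended project before release and record the version it was tested against; a tighter pessimistic constraint on that tested release (for example `gem.add_dependency("canonix", "~> 0.1.0")`, version constructed here) would keep the resolved library stable. The same `~> 0.1` constraint is repeated three times in the gemspec hunks below and should be changed together.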
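--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.4.4
+ 0.4.5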
@@ -8,13 +8,11 @@ module Onelogin::Saml
8
8
  DSIG = "http://www.w3.org/2000/09/xmldsig#"
9
9
 
10
10
  attr_accessor :response, :document, :logger, :settings, :original
11
- attr_accessor :bypass_conditions_check # for testing only
12
11
 
13
12
  def initialize(response)
14
13
  raise ArgumentError.new("Response cannot be nil") if response.nil?
15
- self.bypass_conditions_check = false
16
- self.response = response
17
- self.document = XMLSecurity::SignedDocument.new(Base64.decode64(response))
14
+ self.response = response
15
+ self.document = XMLSecurity::SignedDocument.new(Base64.decode64(response))
18
16
  end
19
17
 
20
18
  def is_valid?
@@ -35,12 +33,14 @@ module Onelogin::Saml
35
33
  end
36
34
 
37
35
  def check_conditions
38
- return true if self.bypass_conditions_check
36
+ return true if conditions.nil?
37
+
38
+ not_before = parse_time(conditions, "NotBefore")
39
+ return false if not_before && Time.now.utc < not_before
40
+
41
+ not_on_or_after = parse_time(conditions, "NotOnOrAfter")
42
+ return false if not_on_or_after && Time.now.utc >= not_on_or_after
39
43
 
40
- cond_element = REXML::XPath.first(document,"/p:Response/a:Assertion[@ID='#{document.signed_element_id[1,document.signed_element_id.size]}']/a:Conditions", { "p" => PROTOCOL, "a" => ASSERTION })
41
- return true unless cond_element
42
- return false if cond_element.attribute('NotBefore') and Time.now.utc < parseXsDateTime(cond_element.attribute('NotBefore'))
43
- return false if cond_element.attribute('NotOnOrAfter') and Time.now.utc >= parseXsDateTime(cond_element.attribute('NotOnOrAfter'))
44
44
  true
45
45
  end
46
46
 
@@ -71,15 +71,23 @@ module Onelogin::Saml
71
71
  def session_expires_at
72
72
  @expires_at ||= begin
73
73
  node = REXML::XPath.first(document, "/p:Response/a:Assertion/a:AuthnStatement", { "p" => PROTOCOL, "a" => ASSERTION })
74
- Time.parse(node.attributes["SessionNotOnOrAfter"]) if node && node.attributes["SessionNotOnOrAfter"]
74
+ parse_time(node, "SessionNotOnOrAfter")
75
+ end
76
+ end
77
+
78
+ # Conditions (if any) for the assertion to run
79
+ def conditions
80
+ @conditions ||= begin
81
+ REXML::XPath.first(document, "/p:Response/a:Assertion[@ID='#{document.signed_element_id[1,document.signed_element_id.size]}']/a:Conditions", { "p" => PROTOCOL, "a" => ASSERTION })
75
82
  end
76
83
  end
77
84
 
78
85
  private
79
86
 
80
- def parseXsDateTime(xsDatetime)
81
- return nil unless xsDatetime.to_s =~ /^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})Z$/
82
- Time.utc($1, $2, $3, $4, $5, $6)
87
+ def parse_time(node, attribute)
88
+ if node && node.attributes[attribute]
89
+ Time.parse(node.attributes[attribute])
90
+ end
83
91
  end
84
92
  end
85
- end
93
+ end
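Review bot: `parse_time` (new lines 87–90) hands the attribute text straight to `Time.parse`, which interprets a value that carries no zone designator in the process's local zone and completes a partial value (date only, time only) from the current clock, so the validity window checked in `check_conditions` (new lines 36–42) can be shifted by the host's UTC offset or silently filled in from `Time.now` instead of being rejected, and a value with no time information at all raises `ArgumentError` out of `check_conditions`. SAML 2.0 requires these `xs:dateTime` values to be UTC with a trailing `Z`, which the removed `parseXsDateTime` enforced (while wrongly rejecting fractional seconds), so the rewrite below keeps the shape check, accepts fractional seconds and rejects anything else explicitly — which matches the old code's effective behaviour, since its `nil` result already raised in the `Time` comparison. `Time.parse` also needs `require 'time'`, which is not visible in these hunks; confirm it is loaded. `session_expires_at` (new lines 71–76) shares the helper, so a malformed `SessionNotOnOrAfter` would raise there too; that is reasonable for a signed assertion but deserves a comment at the call site.
```ruby
# … unchanged: session_expires_at, conditions …

# Parses the xs:dateTime held in +attribute+ of +node+.
# Returns nil when the node or attribute is absent; raises ArgumentError when
# the attribute is present but is not a UTC xs:dateTime (SAML 2.0 mandates the
# trailing "Z"), so a malformed condition can never widen the validity window.
def parse_time(node, attribute)
  value = node && node.attributes[attribute]
  return nil if value.nil?
  unless value =~ /\A\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z\z/
    raise ArgumentError, "#{attribute} is not a UTC xs:dateTime: #{value.inspect}"
  end
  Time.parse(value)
end
```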
@@ -43,13 +43,13 @@ module XMLSecurity
43
43
 
44
44
  def validate (idp_cert_fingerprint, logger = nil)
45
45
  # get cert from response
46
- base64_cert = self.elements["//ds:X509Certificate"].text
47
- cert_text = Base64.decode64(base64_cert)
48
- cert = OpenSSL::X509::Certificate.new(cert_text)
46
+ base64_cert = self.elements["//ds:X509Certificate"].text
47
+ cert_text = Base64.decode64(base64_cert)
48
+ cert = OpenSSL::X509::Certificate.new(cert_text)
49
49
 
50
50
  # check cert matches registered idp cert
51
- fingerprint = Digest::SHA1.hexdigest(cert.to_der)
52
- valid_flag = fingerprint == idp_cert_fingerprint.gsub(":", "").downcase
51
+ fingerprint = Digest::SHA1.hexdigest(cert.to_der)
52
+ valid_flag = fingerprint == idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/,"").downcase
53
53
 
54
54
  return valid_flag if !valid_flag
55
55
 
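Review bot: The normalization on new line 52 now strips every non-alphanumeric character from `idp_cert_fingerprint`, but nothing states which digest the configured value must be; the comparison is against `Digest::SHA1.hexdigest(cert.to_der)` on line 51, so a SHA-256 fingerprint copied from an IdP's metadata page silently never matches and every response is rejected with no hint why. Add a comment above line 51 such as `# idp_cert_fingerprint must be the SHA-1 hex digest of the IdP certificate's DER form; separators (":", " ", "-") and case are ignored`. Separately, `self.elements["//ds:X509Certificate"]` on line 46 is nil when the response embeds no certificate, so `.text` raises `NoMethodError` rather than `validate` returning false; the method continues past the hunk, so this may be handled further down — if not, `return false unless (cert_node = self.elements["//ds:X509Certificate"])` before line 46 would make the failure explicit.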
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{ruby-saml}
8
- s.version = "0.4.4"
8
+ s.version = "0.4.5"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["OneLogin LLC"]
12
- s.date = %q{2011-06-10}
12
+ s.date = %q{2011-06-17}
13
13
  s.description = %q{SAML toolkit for Ruby on Rails}
14
14
  s.email = %q{support@onelogin.com}
15
15
  s.extra_rdoc_files = [
@@ -35,6 +35,7 @@ Gem::Specification.new do |s|
35
35
  "test/responses/response2.xml.base64",
36
36
  "test/responses/response3.xml.base64",
37
37
  "test/responses/response4.xml.base64",
38
+ "test/responses/response5.xml.base64",
38
39
  "test/ruby-saml_test.rb",
39
40
  "test/test_helper.rb",
40
41
  "test/xml_security_test.rb"
@@ -55,18 +56,18 @@ Gem::Specification.new do |s|
55
56
  s.specification_version = 3
56
57
 
57
58
  if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
58
- s.add_runtime_dependency(%q<xmlcanonicalizer>, ["~> 0.1"])
59
+ s.add_runtime_dependency(%q<canonix>, ["~> 0.1"])
59
60
  s.add_runtime_dependency(%q<uuid>, ["~> 2.3"])
60
61
  s.add_development_dependency(%q<shoulda>, [">= 0"])
61
62
  s.add_development_dependency(%q<mocha>, [">= 0"])
62
63
  else
63
- s.add_dependency(%q<xmlcanonicalizer>, ["~> 0.1"])
64
+ s.add_dependency(%q<canonix>, ["~> 0.1"])
64
65
  s.add_dependency(%q<uuid>, ["~> 2.3"])
65
66
  s.add_dependency(%q<shoulda>, [">= 0"])
66
67
  s.add_dependency(%q<mocha>, [">= 0"])
67
68
  end
68
69
  else
69
- s.add_dependency(%q<xmlcanonicalizer>, ["~> 0.1"])
70
+ s.add_dependency(%q<canonix>, ["~> 0.1"])
70
71
  s.add_dependency(%q<uuid>, ["~> 2.3"])
71
72
  s.add_dependency(%q<shoulda>, [">= 0"])
72
73
  s.add_dependency(%q<mocha>, [">= 0"])
@@ -0,0 +1,102 @@
1
+ PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHNhbWwy
2
+ cDpSZXNwb25zZSB4bWxuczpzYW1sMnA9InVybjpvYXNpczpuYW1lczp0YzpT
3
+ QU1MOjIuMDpwcm90b2NvbCIKICAgICAgICAgICAgICAgICBEZXN0aW5hdGlv
4
+ bj0iaHR0cHM6Ly9leGFtcGxlc2FtbC5mb29ibGUuY29tL2FjY2Vzcy9zYW1s
5
+ IiBJRD0iaWQ0MzUwMDE5MDE0NzE3NzIxMDMwODIzNjI0IgogICAgICAgICAg
6
+ ICAgICAgIElzc3VlSW5zdGFudD0iMjAxMS0wNi0xNFQxODoyNjowMS41MTVa
7
+ IiBWZXJzaW9uPSIyLjAiPgogICAgPHNhbWwyOklzc3VlciB4bWxuczpzYW1s
8
+ Mj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIKICAg
9
+ ICAgICAgICAgICAgICAgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FN
10
+ TDoyLjA6bmFtZWlkLWZvcm1hdDplbnRpdHkiPmV4YW1wbGUKICAgIDwvc2Ft
11
+ bDI6SXNzdWVyPgogICAgPHNhbWwycDpTdGF0dXMgeG1sbnM6c2FtbDJwPSJ1
12
+ cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiPgogICAgICAg
13
+ IDxzYW1sMnA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRj
14
+ OlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+CiAgICA8L3NhbWwycDpTdGF0
15
+ dXM+CiAgICA8c2FtbDI6QXNzZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2Fz
16
+ aXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iaWQ0MzUwMDE5
17
+ MDE2NzIzNzcxNTg0NjA0NzQiCiAgICAgICAgICAgICAgICAgICAgIElzc3Vl
18
+ SW5zdGFudD0iMjAxMS0wNi0xNFQxODoyNjowMS41MTVaIiBWZXJzaW9uPSIy
19
+ LjAiPgogICAgICAgIDxzYW1sMjpJc3N1ZXIgRm9ybWF0PSJ1cm46b2FzaXM6
20
+ bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDplbnRpdHkiCiAgICAg
21
+ ICAgICAgICAgICAgICAgICB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVz
22
+ OnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+ZXhhbXBsZQogICAgICAgIDwvc2Ft
23
+ bDI6SXNzdWVyPgogICAgICAgIDxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0
24
+ dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogICAgICAgICAg
25
+ ICA8ZHM6U2lnbmVkSW5mbyB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcv
26
+ MjAwMC8wOS94bWxkc2lnIyI+CiAgICAgICAgICAgICAgICA8ZHM6Q2Fub25p
27
+ Y2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3Jn
28
+ LzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIKICAgICAgICAgICAgICAgICAgICAg
29
+ ICAgICAgICAgICAgICAgICAgICAgIHhtbG5zOmRzPSJodHRwOi8vd3d3Lncz
30
+ Lm9yZy8yMDAwLzA5L3htbGRzaWcjIi8+CiAgICAgICAgICAgICAgICA8ZHM6
31
+ U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcv
32
+ MjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIgogICAgICAgICAgICAgICAgICAg
33
+ ICAgICAgICAgICAgICAgICB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcv
34
+ MjAwMC8wOS94bWxkc2lnIyIvPgogICAgICAgICAgICAgICAgPGRzOlJlZmVy
35
+ ZW5jZSBVUkk9IiNpZDQzNTAwMTkwMTY3MjM3NzE1ODQ2MDQ3NCIgeG1sbnM6
36
+ ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogICAg
37
+ ICAgICAgICAgICAgICAgIDxkczpUcmFuc2Zvcm1zIHhtbG5zOmRzPSJodHRw
38
+ Oi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KICAgICAgICAgICAg
39
+ ICAgICAgICAgICAgPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93
40
+ d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJl
41
+ IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHhtbG5z
42
+ OmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIi8+CiAg
43
+ ICAgICAgICAgICAgICAgICAgICAgIDxkczpUcmFuc2Zvcm0gQWxnb3JpdGht
44
+ PSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiCiAg
45
+ ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeG1sbnM6ZHM9
46
+ Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogICAgICAg
47
+ ICAgICAgICAgICAgICAgICAgICAgPGVjOkluY2x1c2l2ZU5hbWVzcGFjZXMg
48
+ eG1sbnM6ZWM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1j
49
+ MTRuIyIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
50
+ ICAgICAgICAgICAgIFByZWZpeExpc3Q9ImRzIHNhbWwyIi8+CiAgICAgICAg
51
+ ICAgICAgICAgICAgICAgIDwvZHM6VHJhbnNmb3JtPgogICAgICAgICAgICAg
52
+ ICAgICAgIDwvZHM6VHJhbnNmb3Jtcz4KICAgICAgICAgICAgICAgICAgICA8
53
+ ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcv
54
+ MjAwMC8wOS94bWxkc2lnI3NoYTEiCiAgICAgICAgICAgICAgICAgICAgICAg
55
+ ICAgICAgICAgICAgICB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAw
56
+ MC8wOS94bWxkc2lnIyIvPgogICAgICAgICAgICAgICAgICAgIDxkczpEaWdl
57
+ c3RWYWx1ZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94
58
+ bWxkc2lnIyI+c3R1ZmZpZ0wyeTAybVBXUWxHSU9sbz0KICAgICAgICAgICAg
59
+ ICAgICAgICA8L2RzOkRpZ2VzdFZhbHVlPgogICAgICAgICAgICAgICAgPC9k
60
+ czpSZWZlcmVuY2U+CiAgICAgICAgICAgIDwvZHM6U2lnbmVkSW5mbz4KICAg
61
+ ICAgICAgICAgPGRzOlNpZ25hdHVyZVZhbHVlIHhtbG5zOmRzPSJodHRwOi8v
62
+ d3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KICAgICAgICAgICAgICAg
63
+ IE85REFPSWVFazFYbFgyWVZkaHFVemd4amJBam9XQjdnam1VQmtWdlRFb1dO
64
+ akYrK2QvcnVFWkFicnVHMXhtblR2VHJ4TXN0S08wRmYKICAgICAgICAgICAg
65
+ ICAgIDk0VVAyN05yeWM1OExmZlF0dzhEVXQ0WVNtR3k5OFM3aFVqS28yeTcy
66
+ VTdPQVp1TnJoV0JYcTZodEc0ZzBJNDk4MTNkSWROS2xkS2QKICAgICAgICAg
67
+ ICAgICAgIGJMSitRMTJIbEM1aUtUWG9pQjQ9CiAgICAgICAgICAgIDwvZHM6
68
+ U2lnbmF0dXJlVmFsdWU+CiAgICAgICAgICAgIDxkczpLZXlJbmZvPgogICAg
69
+ ICAgICAgICAgICAgPGRzOlg1MDlEYXRhPgogICAgICAgICAgICAgICAgICAg
70
+ IDxkczpYNTA5Q2VydGlmaWNhdGU+CiAgICAgICAgICAgICAgICAgICAgICAg
71
+ IHN0dWZmLzZwTW9Mc2NaaDJHTUsrVkE9PQogICAgICAgICAgICAgICAgICAg
72
+ IDwvZHM6WDUwOUNlcnRpZmljYXRlPgogICAgICAgICAgICAgICAgPC9kczpY
73
+ NTA5RGF0YT4KICAgICAgICAgICAgPC9kczpLZXlJbmZvPgogICAgICAgIDwv
74
+ ZHM6U2lnbmF0dXJlPgogICAgICAgIDxzYW1sMjpTdWJqZWN0IHhtbG5zOnNh
75
+ bWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj4K
76
+ ICAgICAgICAgICAgPHNhbWwyOk5hbWVJRD5zb21lb25lLmV4YW1wbGVAZ21h
77
+ aWwuY29tPC9zYW1sMjpOYW1lSUQ+CiAgICAgICAgICAgIDxzYW1sMjpTdWJq
78
+ ZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNB
79
+ TUw6Mi4wOmNtOmJlYXJlciI+CiAgICAgICAgICAgICAgICA8c2FtbDI6U3Vi
80
+ amVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDExLTA2LTE0
81
+ VDE4OjMxOjAxLjUxNloiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
82
+ ICAgICAgICAgICAgICAgICAgUmVjaXBpZW50PSJodHRwczovL2V4YW1wbGVz
83
+ YW1sLmZvb2JsZS5jb20vYWNjZXNzL3NhbWwvIi8+CiAgICAgICAgICAgIDwv
84
+ c2FtbDI6U3ViamVjdENvbmZpcm1hdGlvbj4KICAgICAgICA8L3NhbWwyOlN1
85
+ YmplY3Q+CiAgICAgICAgPHNhbWwyOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIy
86
+ MDExLTA2LTE0VDE4OjIxOjAxLjUxNloiIE5vdE9uT3JBZnRlcj0iMjAxMS0w
87
+ Ni0xNFQxODozMTowMS41MTZaIgogICAgICAgICAgICAgICAgICAgICAgICAg
88
+ IHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNz
89
+ ZXJ0aW9uIj4KICAgICAgICAgICAgPHNhbWwyOkF1ZGllbmNlUmVzdHJpY3Rp
90
+ b24+CiAgICAgICAgICAgICAgICA8c2FtbDI6QXVkaWVuY2U+Zm9vYmxlLmNv
91
+ bTwvc2FtbDI6QXVkaWVuY2U+CiAgICAgICAgICAgIDwvc2FtbDI6QXVkaWVu
92
+ Y2VSZXN0cmljdGlvbj4KICAgICAgICA8L3NhbWwyOkNvbmRpdGlvbnM+CiAg
93
+ ICAgICAgPHNhbWwyOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAx
94
+ MS0wNi0xNFQxODoyNjowMS41MTVaIgogICAgICAgICAgICAgICAgICAgICAg
95
+ ICAgICAgICB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6
96
+ Mi4wOmFzc2VydGlvbiI+CiAgICAgICAgICAgIDxzYW1sMjpBdXRobkNvbnRl
97
+ eHQ+CiAgICAgICAgICAgICAgICA8c2FtbDI6QXV0aG5Db250ZXh0Q2xhc3NS
98
+ ZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFz
99
+ c3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQKICAgICAgICAgICAgICAgIDwvc2Ft
100
+ bDI6QXV0aG5Db250ZXh0Q2xhc3NSZWY+CiAgICAgICAgICAgIDwvc2FtbDI6
101
+ QXV0aG5Db250ZXh0PgogICAgICAgIDwvc2FtbDI6QXV0aG5TdGF0ZW1lbnQ+
102
+ CiAgICA8L3NhbWwyOkFzc2VydGlvbj4KPC9zYW1sMnA6UmVzcG9uc2U+
@@ -1,4 +1,4 @@
1
- require 'test_helper'
1
+ require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
2
2
 
3
3
  class RubySamlTest < Test::Unit::TestCase
4
4
 
@@ -39,13 +39,6 @@ class RubySamlTest < Test::Unit::TestCase
39
39
  assert !response.name_id.nil?
40
40
  end
41
41
 
42
- should "check time conditions" do
43
- response = Onelogin::Saml::Response.new(response_document)
44
- assert !response.check_conditions
45
- response = Onelogin::Saml::Response.new(response_document_5)
46
- assert response.check_conditions
47
- end
48
-
49
42
  context "#is_valid?" do
50
43
  should "return false when response is initialized with blank data" do
51
44
  response = Onelogin::Saml::Response.new('')
@@ -59,7 +52,7 @@ class RubySamlTest < Test::Unit::TestCase
59
52
 
60
53
  should "return true when the response is initialized with valid data" do
61
54
  response = Onelogin::Saml::Response.new(response_document_4)
62
- response.bypass_conditions_check = true
55
+ response.expects(:check_conditions).returns(true)
63
56
  assert !response.is_valid?
64
57
  settings = Onelogin::Saml::Settings.new
65
58
  assert !response.is_valid?
@@ -71,7 +64,7 @@ class RubySamlTest < Test::Unit::TestCase
71
64
 
72
65
  should "not allow signature wrapping attack" do
73
66
  response = Onelogin::Saml::Response.new(response_document_4)
74
- response.bypass_conditions_check = true
67
+ response.expects(:check_conditions).returns(true)
75
68
  settings = Onelogin::Saml::Settings.new
76
69
  settings.idp_cert_fingerprint = signature_fingerprint_1
77
70
  response.settings = settings
@@ -90,6 +83,19 @@ class RubySamlTest < Test::Unit::TestCase
90
83
  end
91
84
  end
92
85
 
86
+ context "#check_conditions" do
87
+ should "check time conditions" do
88
+ response = Onelogin::Saml::Response.new(response_document)
89
+ assert !response.check_conditions
90
+ response = Onelogin::Saml::Response.new(response_document_6)
91
+ assert response.check_conditions
92
+ time = Time.parse("2011-06-14T18:25:01.516Z")
93
+ Time.stubs(:now).returns(time)
94
+ response = Onelogin::Saml::Response.new(response_document_5)
95
+ assert response.check_conditions
96
+ end
97
+ end
98
+
93
99
  context "#attributes" do
94
100
  should "extract the first attribute in a hash accessed via its symbol" do
95
101
  response = Onelogin::Saml::Response.new(response_document)
@@ -130,12 +136,20 @@ class RubySamlTest < Test::Unit::TestCase
130
136
  end
131
137
 
132
138
  context "Authrequest" do
133
- should "create the SAMLRequest URL parameter" do
139
+ should "create the deflated SAMLRequest URL parameter" do
134
140
  settings = Onelogin::Saml::Settings.new
135
141
  settings.idp_sso_target_url = "http://stuff.com"
136
142
  auth_url = Onelogin::Saml::Authrequest.new.create(settings)
137
143
  assert auth_url =~ /^http:\/\/stuff\.com\?SAMLRequest=/
138
- payload = CGI.unescape(auth_url.split("=").last)
144
+ payload = CGI.unescape(auth_url.split("=").last)
145
+ decoded = Base64.decode64(payload)
146
+
147
+ zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
148
+ inflated = zstream.inflate(decoded)
149
+ zstream.finish
150
+ zstream.close
151
+
152
+ assert_match /^<samlp:AuthnRequest/, inflated
139
153
  end
140
154
 
141
155
  should "accept extra parameters" do
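Review bot: `response.expects(:check_conditions).returns(true)` on new lines 55 and 67 sets a mocha expectation that the method is invoked exactly once, yet the test at line 55 calls `is_valid?` at least three times (lines 56, 58 and onward), so it now passes only if `is_valid?` short-circuits before reaching `check_conditions` on every call but one — and a future reordering of the checks in `is_valid?` would fail these tests with an unexpected-invocation error unrelated to what they assert. If the call count is not the point, `response.stubs(:check_conditions).returns(true)` is the right form in both places. In the new `#check_conditions` context (lines 86–97) the order matters: `response_document_6` (line 90) builds its window from the real clock before `Time.stubs(:now)` is installed on line 93, so a comment such as `# document_6 must be built before Time.now is stubbed` would stop someone from reordering the lines. `Time.stubs(:now)` is presumably undone by mocha's teardown; confirm it does not leak into later tests.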
@@ -23,14 +23,18 @@ class Test::Unit::TestCase
23
23
  def response_document_4
24
24
  @response_document4 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response4.xml.base64'))
25
25
  end
26
-
26
+
27
27
  def response_document_5
28
+ @response_document5 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response5.xml.base64'))
29
+ end
30
+
31
+ def response_document_6
28
32
  doc = Base64.decode64(response_document)
29
33
  doc.gsub!(/NotBefore=\"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})Z\"/, "NotBefore=\"#{(Time.now-300).getutc.strftime("%Y-%m-%dT%XZ")}\"")
30
34
  doc.gsub!(/NotOnOrAfter=\"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})Z\"/, "NotOnOrAfter=\"#{(Time.now+300).getutc.strftime("%Y-%m-%dT%XZ")}\"")
31
35
  Base64.encode64(doc)
32
36
  end
33
-
37
+
34
38
  def signature_fingerprint_1
35
39
  @signature_fingerprint1 ||= "C5:19:85:D9:47:F1:BE:57:08:20:25:05:08:46:EB:27:F6:CA:B7:83"
36
40
  end
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ruby-saml
3
3
  version: !ruby/object:Gem::Version
4
- hash: 7
4
+ hash: 5
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
8
  - 4
9
- - 4
10
- version: 0.4.4
9
+ - 5
10
+ version: 0.4.5
11
11
  platform: ruby
12
12
  authors:
13
13
  - OneLogin LLC
@@ -15,11 +15,11 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2011-06-10 00:00:00 -05:00
18
+ date: 2011-06-17 00:00:00 +02:00
19
19
  default_executable:
20
20
  dependencies:
21
21
  - !ruby/object:Gem::Dependency
22
- name: xmlcanonicalizer
22
+ name: canonix
23
23
  prerelease: false
24
24
  requirement: &id001 !ruby/object:Gem::Requirement
25
25
  none: false
@@ -104,6 +104,7 @@ files:
104
104
  - test/responses/response2.xml.base64
105
105
  - test/responses/response3.xml.base64
106
106
  - test/responses/response4.xml.base64
107
+ - test/responses/response5.xml.base64
107
108
  - test/ruby-saml_test.rb
108
109
  - test/test_helper.rb
109
110
  - test/xml_security_test.rb