ruby-saml 0.8.14 → 0.8.15

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 3039afb4b2668c3859e51ae9eff0c1b423d7dda319a7d646b26702de315047af
+  data.tar.gz: 2ef188024bd8030c659b499db22b3b28f2ae24930954f8c45cc69c175b8fc4e3
+SHA512:
+  metadata.gz: 0ab896476c0de2ebcd71b060dc305d091e3b6c3be7abd81ce702389cb8e8409cbd5730a4a73a71dfdfedbeb7a0081f448ed4aec60737a8ce6c1b6fb966ce9c4f
+  data.tar.gz: 203b1fd9b1fa4d23ab66cac8a034d3154a48e243bff21040ae2e873d191e90c0d8b8ccdfee368ca542c306fd58ddcdbeec700047893ae6044b82b406af43de18

data/lib/onelogin/ruby-saml/response.rb

@@ -373,15 +373,6 @@ module OneLogin
         ))
       end
 
-      def get_fingerprint
-        if settings.idp_cert
-          cert = OpenSSL::X509::Certificate.new(settings.idp_cert)
-          Digest::SHA1.hexdigest(cert.to_der).upcase.scan(/../).join(":")
-        else
-          settings.idp_cert_fingerprint
-        end
-      end
-
       def validate_conditions(soft = true)
         return true if conditions.nil?
         return true if options[:skip_conditions]
@@ -430,8 +421,8 @@ module OneLogin
 
         opts = {}
         opts[:fingerprint_alg] = OpenSSL::Digest::SHA1.new
-        opts[:cert] = settings.idp_cert
-        fingerprint = get_fingerprint
+        opts[:cert] = settings.get_idp_cert
+        fingerprint = settings.get_fingerprint
 
         unless fingerprint
           return soft ? false : validation_error("No fingerprint or certificate on settings")

data/lib/onelogin/ruby-saml/settings.rb

@@ -117,6 +117,32 @@ module OneLogin
         @single_logout_service_binding = url
       end
 
+      # Calculates the fingerprint of the IdP x509 certificate.
+      # @return [String] The fingerprint
+      #
+      def get_fingerprint
+        idp_cert_fingerprint || begin
+          idp_cert = get_idp_cert
+          if idp_cert
+            Digest::SHA1.hexdigest(idp_cert.to_der).upcase.scan(/../).join(":")
+          end
+        end
+      end
+
+      # @return [OpenSSL::X509::Certificate|nil] Build the IdP certificate from the settings (previously format it)
+      #
+      def get_idp_cert
+        return nil if idp_cert.nil?
+
+        if idp_cert.respond_to?(:to_pem)
+          idp_cert
+        else
+          return nil if idp_cert.empty?
+          formatted_cert = OneLogin::RubySaml::Utils.format_cert(idp_cert)
+          OpenSSL::X509::Certificate.new(formatted_cert)
+        end
+      end
+
       # @return [OpenSSL::X509::Certificate|nil] Build the SP certificate from the settings (previously format it)
       #
       def get_sp_cert

data/lib/onelogin/ruby-saml/version.rb

@@ -1,5 +1,5 @@
 module OneLogin
   module RubySaml
-    VERSION = '0.8.14'
+    VERSION = '0.8.15'
   end
 end

data/lib/xml_security.rb

@@ -222,7 +222,11 @@ module XMLSecurity
         end
       else
         if options[:cert]
-          base64_cert = Base64.encode64(options[:cert].to_pem)
+          cert = options[:cert]
+          if cert.is_a? String
+            cert = OpenSSL::X509::Certificate.new(cert)
+          end
+          base64_cert = Base64.encode64(cert.to_pem)
         else
           return soft ? false : (raise OneLogin::RubySaml::ValidationError.new("Certificate element missing in response (ds:X509Certificate) and not cert provided at settings"))
         end

data/test/response_test.rb

@@ -229,6 +229,17 @@ class ResponseTest <  Minitest::Test
         assert response.validate!
       end
 
+      it "support signature elements with no KeyInfo if cert provided as text" do
+        response = OneLogin::RubySaml::Response.new(response_document_valid_signed_without_x509certificate)
+        response.stubs(:conditions).returns(nil)
+        settings = OneLogin::RubySaml::Settings.new
+        response.settings = settings
+        settings.idp_cert = ruby_saml_cert_text
+        settings.idp_cert_fingerprint = nil
+        XMLSecurity::SignedDocument.any_instance.expects(:validate_signature).returns(true)
+        assert response.validate!
+      end
+
       it "returns an error if the signature contains no KeyInfo, cert is not provided and soft" do
         response = OneLogin::RubySaml::Response.new(response_document_valid_signed_without_x509certificate)
         response.stubs(:conditions).returns(nil)

data/test/xml_security_test.rb

@@ -383,6 +383,11 @@ class XmlSecurityTest < Minitest::Test
           options[:cert] = idp_cert
           assert document.document.validate_document(idp_cert, true, options), 'Document should be valid'
         end
+
+        it 'is valid if cert text instead x509cert provided' do
+          options[:cert] = ruby_saml_cert_text
+          assert document.document.validate_document(idp_cert, true, options), 'Document should be valid'
+        end
       end
 
       describe 'when response has no cert and you dont provide cert' do

metadata

@@ -1,46 +1,41 @@
 --- !ruby/object:Gem::Specification
 name: ruby-saml
 version: !ruby/object:Gem::Version
-  version: 0.8.14
-  prerelease:
+  version: 0.8.15
 platform: ruby
 authors:
 - OneLogin LLC
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-10-19 00:00:00.000000000 Z
+date: 2020-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: uuid
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.3'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.5.0
 description: SAML toolkit for Ruby on Rails
@@ -51,9 +46,9 @@ extra_rdoc_files:
 - LICENSE
 - README.md
 files:
-- .document
-- .gitignore
-- .travis.yml
+- ".document"
+- ".gitignore"
+- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -132,28 +127,26 @@ files:
 - test/xml_security_test.rb
 homepage: http://github.com/onelogin/ruby-saml
 licenses: []
+metadata: {}
 post_install_message:
 rdoc_options:
-- --charset=UTF-8
+- "--charset=UTF-8"
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: http://www.rubygems.org/gems/ruby-saml
-rubygems_version: 1.8.23.2
+rubygems_version: 3.0.4
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: SAML Ruby Tookit
 test_files:
 - test/certificates/certificate1