ruby-saml 1.11.0 → 1.13.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (160) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/test.yml +25 -0
  3. data/{changelog.md → CHANGELOG.md} +44 -1
  4. data/README.md +333 -217
  5. data/UPGRADING.md +149 -0
  6. data/lib/onelogin/ruby-saml/attributes.rb +24 -1
  7. data/lib/onelogin/ruby-saml/authrequest.rb +11 -7
  8. data/lib/onelogin/ruby-saml/idp_metadata_parser.rb +154 -83
  9. data/lib/onelogin/ruby-saml/logoutrequest.rb +12 -6
  10. data/lib/onelogin/ruby-saml/logoutresponse.rb +5 -1
  11. data/lib/onelogin/ruby-saml/metadata.rb +62 -17
  12. data/lib/onelogin/ruby-saml/response.rb +51 -31
  13. data/lib/onelogin/ruby-saml/saml_message.rb +8 -3
  14. data/lib/onelogin/ruby-saml/setting_error.rb +6 -0
  15. data/lib/onelogin/ruby-saml/settings.rb +89 -49
  16. data/lib/onelogin/ruby-saml/slo_logoutrequest.rb +16 -4
  17. data/lib/onelogin/ruby-saml/slo_logoutresponse.rb +31 -17
  18. data/lib/onelogin/ruby-saml/utils.rb +63 -2
  19. data/lib/onelogin/ruby-saml/version.rb +1 -1
  20. data/lib/xml_security.rb +39 -13
  21. data/ruby-saml.gemspec +8 -4
  22. metadata +24 -282
  23. data/.travis.yml +0 -46
  24. data/test/certificates/certificate.der +0 -0
  25. data/test/certificates/certificate1 +0 -12
  26. data/test/certificates/certificate_without_head_foot +0 -1
  27. data/test/certificates/formatted_certificate +0 -14
  28. data/test/certificates/formatted_chained_certificate +0 -42
  29. data/test/certificates/formatted_private_key +0 -12
  30. data/test/certificates/formatted_rsa_private_key +0 -12
  31. data/test/certificates/invalid_certificate1 +0 -1
  32. data/test/certificates/invalid_certificate2 +0 -1
  33. data/test/certificates/invalid_certificate3 +0 -12
  34. data/test/certificates/invalid_chained_certificate1 +0 -1
  35. data/test/certificates/invalid_private_key1 +0 -1
  36. data/test/certificates/invalid_private_key2 +0 -1
  37. data/test/certificates/invalid_private_key3 +0 -10
  38. data/test/certificates/invalid_rsa_private_key1 +0 -1
  39. data/test/certificates/invalid_rsa_private_key2 +0 -1
  40. data/test/certificates/invalid_rsa_private_key3 +0 -10
  41. data/test/certificates/ruby-saml-2.crt +0 -15
  42. data/test/certificates/ruby-saml.crt +0 -14
  43. data/test/certificates/ruby-saml.key +0 -15
  44. data/test/idp_metadata_parser_test.rb +0 -594
  45. data/test/logging_test.rb +0 -62
  46. data/test/logout_requests/invalid_slo_request.xml +0 -6
  47. data/test/logout_requests/slo_request.xml +0 -4
  48. data/test/logout_requests/slo_request.xml.base64 +0 -1
  49. data/test/logout_requests/slo_request_deflated.xml.base64 +0 -1
  50. data/test/logout_requests/slo_request_with_name_id_format.xml +0 -4
  51. data/test/logout_requests/slo_request_with_session_index.xml +0 -5
  52. data/test/logout_responses/logoutresponse_fixtures.rb +0 -86
  53. data/test/logoutrequest_test.rb +0 -260
  54. data/test/logoutresponse_test.rb +0 -427
  55. data/test/metadata/idp_descriptor.xml +0 -26
  56. data/test/metadata/idp_descriptor_2.xml +0 -56
  57. data/test/metadata/idp_descriptor_3.xml +0 -14
  58. data/test/metadata/idp_descriptor_4.xml +0 -72
  59. data/test/metadata/idp_metadata_different_sign_and_encrypt_cert.xml +0 -72
  60. data/test/metadata/idp_metadata_multi_certs.xml +0 -75
  61. data/test/metadata/idp_metadata_multi_signing_certs.xml +0 -52
  62. data/test/metadata/idp_metadata_same_sign_and_encrypt_cert.xml +0 -71
  63. data/test/metadata/idp_multiple_descriptors.xml +0 -59
  64. data/test/metadata/idp_multiple_descriptors_2.xml +0 -59
  65. data/test/metadata/no_idp_descriptor.xml +0 -21
  66. data/test/metadata_test.rb +0 -331
  67. data/test/request_test.rb +0 -340
  68. data/test/response_test.rb +0 -1629
  69. data/test/responses/adfs_response_sha1.xml +0 -46
  70. data/test/responses/adfs_response_sha256.xml +0 -46
  71. data/test/responses/adfs_response_sha384.xml +0 -46
  72. data/test/responses/adfs_response_sha512.xml +0 -46
  73. data/test/responses/adfs_response_xmlns.xml +0 -45
  74. data/test/responses/attackxee.xml +0 -13
  75. data/test/responses/invalids/duplicated_attributes.xml.base64 +0 -1
  76. data/test/responses/invalids/empty_destination.xml.base64 +0 -1
  77. data/test/responses/invalids/empty_nameid.xml.base64 +0 -1
  78. data/test/responses/invalids/encrypted_new_attack.xml.base64 +0 -1
  79. data/test/responses/invalids/invalid_audience.xml.base64 +0 -1
  80. data/test/responses/invalids/invalid_issuer_assertion.xml.base64 +0 -1
  81. data/test/responses/invalids/invalid_issuer_message.xml.base64 +0 -1
  82. data/test/responses/invalids/invalid_signature_position.xml.base64 +0 -1
  83. data/test/responses/invalids/invalid_subjectconfirmation_inresponse.xml.base64 +0 -1
  84. data/test/responses/invalids/invalid_subjectconfirmation_nb.xml.base64 +0 -1
  85. data/test/responses/invalids/invalid_subjectconfirmation_noa.xml.base64 +0 -1
  86. data/test/responses/invalids/invalid_subjectconfirmation_recipient.xml.base64 +0 -1
  87. data/test/responses/invalids/multiple_assertions.xml.base64 +0 -2
  88. data/test/responses/invalids/multiple_signed.xml.base64 +0 -1
  89. data/test/responses/invalids/no_authnstatement.xml.base64 +0 -1
  90. data/test/responses/invalids/no_conditions.xml.base64 +0 -1
  91. data/test/responses/invalids/no_id.xml.base64 +0 -1
  92. data/test/responses/invalids/no_issuer_assertion.xml.base64 +0 -1
  93. data/test/responses/invalids/no_issuer_response.xml.base64 +0 -1
  94. data/test/responses/invalids/no_nameid.xml.base64 +0 -1
  95. data/test/responses/invalids/no_saml2.xml.base64 +0 -1
  96. data/test/responses/invalids/no_signature.xml.base64 +0 -1
  97. data/test/responses/invalids/no_status.xml.base64 +0 -1
  98. data/test/responses/invalids/no_status_code.xml.base64 +0 -1
  99. data/test/responses/invalids/no_subjectconfirmation_data.xml.base64 +0 -1
  100. data/test/responses/invalids/no_subjectconfirmation_method.xml.base64 +0 -1
  101. data/test/responses/invalids/response_invalid_signed_element.xml.base64 +0 -1
  102. data/test/responses/invalids/response_with_concealed_signed_assertion.xml +0 -51
  103. data/test/responses/invalids/response_with_doubled_signed_assertion.xml +0 -49
  104. data/test/responses/invalids/signature_wrapping_attack.xml.base64 +0 -1
  105. data/test/responses/invalids/status_code_responder.xml.base64 +0 -1
  106. data/test/responses/invalids/status_code_responer_and_msg.xml.base64 +0 -1
  107. data/test/responses/invalids/wrong_spnamequalifier.xml.base64 +0 -1
  108. data/test/responses/no_signature_ns.xml +0 -48
  109. data/test/responses/open_saml_response.xml +0 -56
  110. data/test/responses/response_assertion_wrapped.xml.base64 +0 -93
  111. data/test/responses/response_audience_self_closed_tag.xml.base64 +0 -1
  112. data/test/responses/response_double_status_code.xml.base64 +0 -1
  113. data/test/responses/response_encrypted_attrs.xml.base64 +0 -1
  114. data/test/responses/response_encrypted_nameid.xml.base64 +0 -1
  115. data/test/responses/response_eval.xml +0 -7
  116. data/test/responses/response_no_cert_and_encrypted_attrs.xml +0 -29
  117. data/test/responses/response_node_text_attack.xml.base64 +0 -1
  118. data/test/responses/response_node_text_attack2.xml.base64 +0 -1
  119. data/test/responses/response_node_text_attack3.xml.base64 +0 -1
  120. data/test/responses/response_unsigned_xml_base64 +0 -1
  121. data/test/responses/response_with_ampersands.xml +0 -139
  122. data/test/responses/response_with_ampersands.xml.base64 +0 -93
  123. data/test/responses/response_with_ds_namespace_at_the_root.xml.base64 +0 -1
  124. data/test/responses/response_with_multiple_attribute_statements.xml +0 -72
  125. data/test/responses/response_with_multiple_attribute_values.xml +0 -67
  126. data/test/responses/response_with_retrieval_method.xml +0 -26
  127. data/test/responses/response_with_saml2_namespace.xml.base64 +0 -102
  128. data/test/responses/response_with_signed_assertion.xml.base64 +0 -66
  129. data/test/responses/response_with_signed_assertion_2.xml.base64 +0 -1
  130. data/test/responses/response_with_signed_assertion_3.xml +0 -30
  131. data/test/responses/response_with_signed_message_and_assertion.xml +0 -34
  132. data/test/responses/response_with_undefined_recipient.xml.base64 +0 -1
  133. data/test/responses/response_without_attributes.xml.base64 +0 -79
  134. data/test/responses/response_without_reference_uri.xml.base64 +0 -1
  135. data/test/responses/response_wrapped.xml.base64 +0 -150
  136. data/test/responses/signed_message_encrypted_signed_assertion.xml.base64 +0 -1
  137. data/test/responses/signed_message_encrypted_unsigned_assertion.xml.base64 +0 -1
  138. data/test/responses/signed_nameid_in_atts.xml +0 -47
  139. data/test/responses/signed_unqual_nameid_in_atts.xml +0 -47
  140. data/test/responses/simple_saml_php.xml +0 -71
  141. data/test/responses/starfield_response.xml.base64 +0 -1
  142. data/test/responses/test_sign.xml +0 -43
  143. data/test/responses/unsigned_encrypted_adfs.xml +0 -23
  144. data/test/responses/unsigned_message_aes128_encrypted_signed_assertion.xml.base64 +0 -1
  145. data/test/responses/unsigned_message_aes192_encrypted_signed_assertion.xml.base64 +0 -1
  146. data/test/responses/unsigned_message_aes256_encrypted_signed_assertion.xml.base64 +0 -1
  147. data/test/responses/unsigned_message_des192_encrypted_signed_assertion.xml.base64 +0 -1
  148. data/test/responses/unsigned_message_encrypted_assertion_without_saml_namespace.xml.base64 +0 -1
  149. data/test/responses/unsigned_message_encrypted_signed_assertion.xml.base64 +0 -1
  150. data/test/responses/unsigned_message_encrypted_unsigned_assertion.xml.base64 +0 -1
  151. data/test/responses/valid_response.xml.base64 +0 -1
  152. data/test/responses/valid_response_with_formatted_x509certificate.xml.base64 +0 -1
  153. data/test/responses/valid_response_without_x509certificate.xml.base64 +0 -1
  154. data/test/saml_message_test.rb +0 -56
  155. data/test/settings_test.rb +0 -338
  156. data/test/slo_logoutrequest_test.rb +0 -467
  157. data/test/slo_logoutresponse_test.rb +0 -233
  158. data/test/test_helper.rb +0 -333
  159. data/test/utils_test.rb +0 -259
  160. data/test/xml_security_test.rb +0 -421
@@ -1,5 +1,5 @@
1
1
  module OneLogin
2
2
  module RubySaml
3
- VERSION = '1.11.0'
3
+ VERSION = '1.13.0'
4
4
  end
5
5
  end
data/lib/xml_security.rb CHANGED
@@ -159,15 +159,13 @@ module XMLSecurity
159
159
  x509_cert_element.text = Base64.encode64(certificate.to_der).gsub(/\n/, "")
160
160
 
161
161
  # add the signature
162
- issuer_element = self.elements["//saml:Issuer"]
162
+ issuer_element = elements["//saml:Issuer"]
163
163
  if issuer_element
164
- self.root.insert_after issuer_element, signature_element
164
+ root.insert_after(issuer_element, signature_element)
165
+ elsif first_child = root.children[0]
166
+ root.insert_before(first_child, signature_element)
165
167
  else
166
- if sp_sso_descriptor = self.elements["/md:EntityDescriptor"]
167
- self.root.insert_before sp_sso_descriptor, signature_element
168
- else
169
- self.root.add_element(signature_element)
170
- end
168
+ root.add_element(signature_element)
171
169
  end
172
170
  end
173
171
 
@@ -212,7 +210,7 @@ module XMLSecurity
212
210
  begin
213
211
  cert = OpenSSL::X509::Certificate.new(cert_text)
214
212
  rescue OpenSSL::X509::CertificateError => _e
215
- return append_error("Certificate Error", soft)
213
+ return append_error("Document Certificate Error", soft)
216
214
  end
217
215
 
218
216
  if options[:fingerprint_alg]
@@ -224,7 +222,6 @@ module XMLSecurity
224
222
 
225
223
  # check cert matches registered idp cert
226
224
  if fingerprint != idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/,"").downcase
227
- @errors << "Fingerprint mismatch"
228
225
  return append_error("Fingerprint mismatch", soft)
229
226
  end
230
227
  else
@@ -241,7 +238,7 @@ module XMLSecurity
241
238
  validate_signature(base64_cert, soft)
242
239
  end
243
240
 
244
- def validate_document_with_cert(idp_cert)
241
+ def validate_document_with_cert(idp_cert, soft = true)
245
242
  # get cert from response
246
243
  cert_element = REXML::XPath.first(
247
244
  self,
@@ -255,12 +252,12 @@ module XMLSecurity
255
252
  begin
256
253
  cert = OpenSSL::X509::Certificate.new(cert_text)
257
254
  rescue OpenSSL::X509::CertificateError => _e
258
- return append_error("Certificate Error", soft)
255
+ return append_error("Document Certificate Error", soft)
259
256
  end
260
257
 
261
258
  # check saml response cert matches provided idp cert
262
259
  if idp_cert.to_pem != cert.to_pem
263
- return false
260
+ return append_error("Certificate of the Signature element does not match provided certificate", soft)
264
261
  end
265
262
  else
266
263
  base64_cert = Base64.encode64(idp_cert.to_pem)
@@ -326,6 +323,9 @@ module XMLSecurity
326
323
  '//ds:CanonicalizationMethod',
327
324
  { "ds" => DSIG }
328
325
  )
326
+
327
+ canon_algorithm = process_transforms(ref, canon_algorithm)
328
+
329
329
  canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
330
330
 
331
331
  digest_algorithm = algorithm(REXML::XPath.first(
@@ -342,7 +342,6 @@ module XMLSecurity
342
342
  digest_value = Base64.decode64(OneLogin::RubySaml::Utils.element_text(encoded_digest_value))
343
343
 
344
344
  unless digests_match?(hash, digest_value)
345
- @errors << "Digest mismatch"
346
345
  return append_error("Digest mismatch", soft)
347
346
  end
348
347
 
@@ -360,6 +359,33 @@ module XMLSecurity
360
359
 
361
360
  private
362
361
 
362
+ def process_transforms(ref, canon_algorithm)
363
+ transforms = REXML::XPath.match(
364
+ ref,
365
+ "//ds:Transforms/ds:Transform",
366
+ { "ds" => DSIG }
367
+ )
368
+
369
+ transforms.each do |transform_element|
370
+ if transform_element.attributes && transform_element.attributes["Algorithm"]
371
+ algorithm = transform_element.attributes["Algorithm"]
372
+ case algorithm
373
+ when "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
374
+ "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
375
+ canon_algorithm = Nokogiri::XML::XML_C14N_1_0
376
+ when "http://www.w3.org/2006/12/xml-c14n11",
377
+ "http://www.w3.org/2006/12/xml-c14n11#WithComments"
378
+ canon_algorithm = Nokogiri::XML::XML_C14N_1_1
379
+ when "http://www.w3.org/2001/10/xml-exc-c14n#",
380
+ "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
381
+ canon_algorithm = Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
382
+ end
383
+ end
384
+ end
385
+
386
+ canon_algorithm
387
+ end
388
+
363
389
  def digests_match?(hash, digest_value)
364
390
  hash == digest_value
365
391
  end
data/ruby-saml.gemspec CHANGED
@@ -15,14 +15,13 @@ Gem::Specification.new do |s|
15
15
  "LICENSE",
16
16
  "README.md"
17
17
  ]
18
- s.files = `git ls-files`.split("\n")
19
- s.homepage = %q{http://github.com/onelogin/ruby-saml}
18
+ s.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
19
+ s.homepage = %q{https://github.com/onelogin/ruby-saml}
20
20
  s.rdoc_options = ["--charset=UTF-8"]
21
21
  s.require_paths = ["lib"]
22
22
  s.rubygems_version = %q{1.3.7}
23
23
  s.required_ruby_version = '>= 1.8.7'
24
24
  s.summary = %q{SAML Ruby Tookit}
25
- s.test_files = `git ls-files test/*`.split("\n")
26
25
 
27
26
  # Because runtime dependencies are determined at build time, we cannot make
28
27
  # Nokogiri's version dependent on the Ruby version, even though we would
@@ -31,6 +30,7 @@ Gem::Specification.new do |s|
31
30
  if JRUBY_VERSION < '9.2.0.0'
32
31
  s.add_runtime_dependency('nokogiri', '>= 1.8.2', '<= 1.8.5')
33
32
  s.add_runtime_dependency('jruby-openssl', '>= 0.9.8')
33
+ s.add_runtime_dependency('json', '< 2.3.0')
34
34
  else
35
35
  s.add_runtime_dependency('nokogiri', '>= 1.8.2')
36
36
  end
@@ -39,8 +39,12 @@ Gem::Specification.new do |s|
39
39
  s.add_runtime_dependency('nokogiri', '<= 1.5.11')
40
40
  elsif RUBY_VERSION < '2.1'
41
41
  s.add_runtime_dependency('nokogiri', '>= 1.5.10', '<= 1.6.8.1')
42
+ s.add_runtime_dependency('json', '< 2.3.0')
43
+ elsif RUBY_VERSION < '2.3'
44
+ s.add_runtime_dependency('nokogiri', '>= 1.9.1', '<= 1.10.0')
42
45
  else
43
- s.add_runtime_dependency('nokogiri', '>= 1.5.10')
46
+ s.add_runtime_dependency('nokogiri', '>= 1.10.5')
47
+ s.add_runtime_dependency('rexml')
44
48
  end
45
49
 
46
50
  s.add_development_dependency('coveralls')
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ruby-saml
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.11.0
4
+ version: 1.13.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - OneLogin LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-07-24 00:00:00.000000000 Z
11
+ date: 2021-09-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: nokogiri
@@ -16,14 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: 1.5.10
19
+ version: 1.10.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: 1.5.10
26
+ version: 1.10.5
27
+ - !ruby/object:Gem::Dependency
28
+ name: rexml
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
27
41
  - !ruby/object:Gem::Dependency
28
42
  name: coveralls
29
43
  requirement: !ruby/object:Gem::Requirement
@@ -159,13 +173,14 @@ extra_rdoc_files:
159
173
  - README.md
160
174
  files:
161
175
  - ".document"
176
+ - ".github/workflows/test.yml"
162
177
  - ".gitignore"
163
- - ".travis.yml"
178
+ - CHANGELOG.md
164
179
  - Gemfile
165
180
  - LICENSE
166
181
  - README.md
167
182
  - Rakefile
168
- - changelog.md
183
+ - UPGRADING.md
169
184
  - gemfiles/nokogiri-1.5.gemfile
170
185
  - lib/onelogin/ruby-saml.rb
171
186
  - lib/onelogin/ruby-saml/attribute_service.rb
@@ -180,6 +195,7 @@ files:
180
195
  - lib/onelogin/ruby-saml/metadata.rb
181
196
  - lib/onelogin/ruby-saml/response.rb
182
197
  - lib/onelogin/ruby-saml/saml_message.rb
198
+ - lib/onelogin/ruby-saml/setting_error.rb
183
199
  - lib/onelogin/ruby-saml/settings.rb
184
200
  - lib/onelogin/ruby-saml/slo_logoutrequest.rb
185
201
  - lib/onelogin/ruby-saml/slo_logoutresponse.rb
@@ -201,144 +217,7 @@ files:
201
217
  - lib/schemas/xmldsig-core-schema.xsd
202
218
  - lib/xml_security.rb
203
219
  - ruby-saml.gemspec
204
- - test/certificates/certificate.der
205
- - test/certificates/certificate1
206
- - test/certificates/certificate_without_head_foot
207
- - test/certificates/formatted_certificate
208
- - test/certificates/formatted_chained_certificate
209
- - test/certificates/formatted_private_key
210
- - test/certificates/formatted_rsa_private_key
211
- - test/certificates/invalid_certificate1
212
- - test/certificates/invalid_certificate2
213
- - test/certificates/invalid_certificate3
214
- - test/certificates/invalid_chained_certificate1
215
- - test/certificates/invalid_private_key1
216
- - test/certificates/invalid_private_key2
217
- - test/certificates/invalid_private_key3
218
- - test/certificates/invalid_rsa_private_key1
219
- - test/certificates/invalid_rsa_private_key2
220
- - test/certificates/invalid_rsa_private_key3
221
- - test/certificates/ruby-saml-2.crt
222
- - test/certificates/ruby-saml.crt
223
- - test/certificates/ruby-saml.key
224
- - test/idp_metadata_parser_test.rb
225
- - test/logging_test.rb
226
- - test/logout_requests/invalid_slo_request.xml
227
- - test/logout_requests/slo_request.xml
228
- - test/logout_requests/slo_request.xml.base64
229
- - test/logout_requests/slo_request_deflated.xml.base64
230
- - test/logout_requests/slo_request_with_name_id_format.xml
231
- - test/logout_requests/slo_request_with_session_index.xml
232
- - test/logout_responses/logoutresponse_fixtures.rb
233
- - test/logoutrequest_test.rb
234
- - test/logoutresponse_test.rb
235
- - test/metadata/idp_descriptor.xml
236
- - test/metadata/idp_descriptor_2.xml
237
- - test/metadata/idp_descriptor_3.xml
238
- - test/metadata/idp_descriptor_4.xml
239
- - test/metadata/idp_metadata_different_sign_and_encrypt_cert.xml
240
- - test/metadata/idp_metadata_multi_certs.xml
241
- - test/metadata/idp_metadata_multi_signing_certs.xml
242
- - test/metadata/idp_metadata_same_sign_and_encrypt_cert.xml
243
- - test/metadata/idp_multiple_descriptors.xml
244
- - test/metadata/idp_multiple_descriptors_2.xml
245
- - test/metadata/no_idp_descriptor.xml
246
- - test/metadata_test.rb
247
- - test/request_test.rb
248
- - test/response_test.rb
249
- - test/responses/adfs_response_sha1.xml
250
- - test/responses/adfs_response_sha256.xml
251
- - test/responses/adfs_response_sha384.xml
252
- - test/responses/adfs_response_sha512.xml
253
- - test/responses/adfs_response_xmlns.xml
254
- - test/responses/attackxee.xml
255
- - test/responses/invalids/duplicated_attributes.xml.base64
256
- - test/responses/invalids/empty_destination.xml.base64
257
- - test/responses/invalids/empty_nameid.xml.base64
258
- - test/responses/invalids/encrypted_new_attack.xml.base64
259
- - test/responses/invalids/invalid_audience.xml.base64
260
- - test/responses/invalids/invalid_issuer_assertion.xml.base64
261
- - test/responses/invalids/invalid_issuer_message.xml.base64
262
- - test/responses/invalids/invalid_signature_position.xml.base64
263
- - test/responses/invalids/invalid_subjectconfirmation_inresponse.xml.base64
264
- - test/responses/invalids/invalid_subjectconfirmation_nb.xml.base64
265
- - test/responses/invalids/invalid_subjectconfirmation_noa.xml.base64
266
- - test/responses/invalids/invalid_subjectconfirmation_recipient.xml.base64
267
- - test/responses/invalids/multiple_assertions.xml.base64
268
- - test/responses/invalids/multiple_signed.xml.base64
269
- - test/responses/invalids/no_authnstatement.xml.base64
270
- - test/responses/invalids/no_conditions.xml.base64
271
- - test/responses/invalids/no_id.xml.base64
272
- - test/responses/invalids/no_issuer_assertion.xml.base64
273
- - test/responses/invalids/no_issuer_response.xml.base64
274
- - test/responses/invalids/no_nameid.xml.base64
275
- - test/responses/invalids/no_saml2.xml.base64
276
- - test/responses/invalids/no_signature.xml.base64
277
- - test/responses/invalids/no_status.xml.base64
278
- - test/responses/invalids/no_status_code.xml.base64
279
- - test/responses/invalids/no_subjectconfirmation_data.xml.base64
280
- - test/responses/invalids/no_subjectconfirmation_method.xml.base64
281
- - test/responses/invalids/response_invalid_signed_element.xml.base64
282
- - test/responses/invalids/response_with_concealed_signed_assertion.xml
283
- - test/responses/invalids/response_with_doubled_signed_assertion.xml
284
- - test/responses/invalids/signature_wrapping_attack.xml.base64
285
- - test/responses/invalids/status_code_responder.xml.base64
286
- - test/responses/invalids/status_code_responer_and_msg.xml.base64
287
- - test/responses/invalids/wrong_spnamequalifier.xml.base64
288
- - test/responses/no_signature_ns.xml
289
- - test/responses/open_saml_response.xml
290
- - test/responses/response_assertion_wrapped.xml.base64
291
- - test/responses/response_audience_self_closed_tag.xml.base64
292
- - test/responses/response_double_status_code.xml.base64
293
- - test/responses/response_encrypted_attrs.xml.base64
294
- - test/responses/response_encrypted_nameid.xml.base64
295
- - test/responses/response_eval.xml
296
- - test/responses/response_no_cert_and_encrypted_attrs.xml
297
- - test/responses/response_node_text_attack.xml.base64
298
- - test/responses/response_node_text_attack2.xml.base64
299
- - test/responses/response_node_text_attack3.xml.base64
300
- - test/responses/response_unsigned_xml_base64
301
- - test/responses/response_with_ampersands.xml
302
- - test/responses/response_with_ampersands.xml.base64
303
- - test/responses/response_with_ds_namespace_at_the_root.xml.base64
304
- - test/responses/response_with_multiple_attribute_statements.xml
305
- - test/responses/response_with_multiple_attribute_values.xml
306
- - test/responses/response_with_retrieval_method.xml
307
- - test/responses/response_with_saml2_namespace.xml.base64
308
- - test/responses/response_with_signed_assertion.xml.base64
309
- - test/responses/response_with_signed_assertion_2.xml.base64
310
- - test/responses/response_with_signed_assertion_3.xml
311
- - test/responses/response_with_signed_message_and_assertion.xml
312
- - test/responses/response_with_undefined_recipient.xml.base64
313
- - test/responses/response_without_attributes.xml.base64
314
- - test/responses/response_without_reference_uri.xml.base64
315
- - test/responses/response_wrapped.xml.base64
316
- - test/responses/signed_message_encrypted_signed_assertion.xml.base64
317
- - test/responses/signed_message_encrypted_unsigned_assertion.xml.base64
318
- - test/responses/signed_nameid_in_atts.xml
319
- - test/responses/signed_unqual_nameid_in_atts.xml
320
- - test/responses/simple_saml_php.xml
321
- - test/responses/starfield_response.xml.base64
322
- - test/responses/test_sign.xml
323
- - test/responses/unsigned_encrypted_adfs.xml
324
- - test/responses/unsigned_message_aes128_encrypted_signed_assertion.xml.base64
325
- - test/responses/unsigned_message_aes192_encrypted_signed_assertion.xml.base64
326
- - test/responses/unsigned_message_aes256_encrypted_signed_assertion.xml.base64
327
- - test/responses/unsigned_message_des192_encrypted_signed_assertion.xml.base64
328
- - test/responses/unsigned_message_encrypted_assertion_without_saml_namespace.xml.base64
329
- - test/responses/unsigned_message_encrypted_signed_assertion.xml.base64
330
- - test/responses/unsigned_message_encrypted_unsigned_assertion.xml.base64
331
- - test/responses/valid_response.xml.base64
332
- - test/responses/valid_response_with_formatted_x509certificate.xml.base64
333
- - test/responses/valid_response_without_x509certificate.xml.base64
334
- - test/saml_message_test.rb
335
- - test/settings_test.rb
336
- - test/slo_logoutrequest_test.rb
337
- - test/slo_logoutresponse_test.rb
338
- - test/test_helper.rb
339
- - test/utils_test.rb
340
- - test/xml_security_test.rb
341
- homepage: http://github.com/onelogin/ruby-saml
220
+ homepage: https://github.com/onelogin/ruby-saml
342
221
  licenses:
343
222
  - MIT
344
223
  metadata: {}
@@ -363,141 +242,4 @@ rubygems_version: 2.5.2.1
363
242
  signing_key:
364
243
  specification_version: 4
365
244
  summary: SAML Ruby Tookit
366
- test_files:
367
- - test/certificates/certificate.der
368
- - test/certificates/certificate1
369
- - test/certificates/certificate_without_head_foot
370
- - test/certificates/formatted_certificate
371
- - test/certificates/formatted_chained_certificate
372
- - test/certificates/formatted_private_key
373
- - test/certificates/formatted_rsa_private_key
374
- - test/certificates/invalid_certificate1
375
- - test/certificates/invalid_certificate2
376
- - test/certificates/invalid_certificate3
377
- - test/certificates/invalid_chained_certificate1
378
- - test/certificates/invalid_private_key1
379
- - test/certificates/invalid_private_key2
380
- - test/certificates/invalid_private_key3
381
- - test/certificates/invalid_rsa_private_key1
382
- - test/certificates/invalid_rsa_private_key2
383
- - test/certificates/invalid_rsa_private_key3
384
- - test/certificates/ruby-saml-2.crt
385
- - test/certificates/ruby-saml.crt
386
- - test/certificates/ruby-saml.key
387
- - test/idp_metadata_parser_test.rb
388
- - test/logging_test.rb
389
- - test/logout_requests/invalid_slo_request.xml
390
- - test/logout_requests/slo_request.xml
391
- - test/logout_requests/slo_request.xml.base64
392
- - test/logout_requests/slo_request_deflated.xml.base64
393
- - test/logout_requests/slo_request_with_name_id_format.xml
394
- - test/logout_requests/slo_request_with_session_index.xml
395
- - test/logout_responses/logoutresponse_fixtures.rb
396
- - test/logoutrequest_test.rb
397
- - test/logoutresponse_test.rb
398
- - test/metadata/idp_descriptor.xml
399
- - test/metadata/idp_descriptor_2.xml
400
- - test/metadata/idp_descriptor_3.xml
401
- - test/metadata/idp_descriptor_4.xml
402
- - test/metadata/idp_metadata_different_sign_and_encrypt_cert.xml
403
- - test/metadata/idp_metadata_multi_certs.xml
404
- - test/metadata/idp_metadata_multi_signing_certs.xml
405
- - test/metadata/idp_metadata_same_sign_and_encrypt_cert.xml
406
- - test/metadata/idp_multiple_descriptors.xml
407
- - test/metadata/idp_multiple_descriptors_2.xml
408
- - test/metadata/no_idp_descriptor.xml
409
- - test/metadata_test.rb
410
- - test/request_test.rb
411
- - test/response_test.rb
412
- - test/responses/adfs_response_sha1.xml
413
- - test/responses/adfs_response_sha256.xml
414
- - test/responses/adfs_response_sha384.xml
415
- - test/responses/adfs_response_sha512.xml
416
- - test/responses/adfs_response_xmlns.xml
417
- - test/responses/attackxee.xml
418
- - test/responses/invalids/duplicated_attributes.xml.base64
419
- - test/responses/invalids/empty_destination.xml.base64
420
- - test/responses/invalids/empty_nameid.xml.base64
421
- - test/responses/invalids/encrypted_new_attack.xml.base64
422
- - test/responses/invalids/invalid_audience.xml.base64
423
- - test/responses/invalids/invalid_issuer_assertion.xml.base64
424
- - test/responses/invalids/invalid_issuer_message.xml.base64
425
- - test/responses/invalids/invalid_signature_position.xml.base64
426
- - test/responses/invalids/invalid_subjectconfirmation_inresponse.xml.base64
427
- - test/responses/invalids/invalid_subjectconfirmation_nb.xml.base64
428
- - test/responses/invalids/invalid_subjectconfirmation_noa.xml.base64
429
- - test/responses/invalids/invalid_subjectconfirmation_recipient.xml.base64
430
- - test/responses/invalids/multiple_assertions.xml.base64
431
- - test/responses/invalids/multiple_signed.xml.base64
432
- - test/responses/invalids/no_authnstatement.xml.base64
433
- - test/responses/invalids/no_conditions.xml.base64
434
- - test/responses/invalids/no_id.xml.base64
435
- - test/responses/invalids/no_issuer_assertion.xml.base64
436
- - test/responses/invalids/no_issuer_response.xml.base64
437
- - test/responses/invalids/no_nameid.xml.base64
438
- - test/responses/invalids/no_saml2.xml.base64
439
- - test/responses/invalids/no_signature.xml.base64
440
- - test/responses/invalids/no_status.xml.base64
441
- - test/responses/invalids/no_status_code.xml.base64
442
- - test/responses/invalids/no_subjectconfirmation_data.xml.base64
443
- - test/responses/invalids/no_subjectconfirmation_method.xml.base64
444
- - test/responses/invalids/response_invalid_signed_element.xml.base64
445
- - test/responses/invalids/response_with_concealed_signed_assertion.xml
446
- - test/responses/invalids/response_with_doubled_signed_assertion.xml
447
- - test/responses/invalids/signature_wrapping_attack.xml.base64
448
- - test/responses/invalids/status_code_responder.xml.base64
449
- - test/responses/invalids/status_code_responer_and_msg.xml.base64
450
- - test/responses/invalids/wrong_spnamequalifier.xml.base64
451
- - test/responses/no_signature_ns.xml
452
- - test/responses/open_saml_response.xml
453
- - test/responses/response_assertion_wrapped.xml.base64
454
- - test/responses/response_audience_self_closed_tag.xml.base64
455
- - test/responses/response_double_status_code.xml.base64
456
- - test/responses/response_encrypted_attrs.xml.base64
457
- - test/responses/response_encrypted_nameid.xml.base64
458
- - test/responses/response_eval.xml
459
- - test/responses/response_no_cert_and_encrypted_attrs.xml
460
- - test/responses/response_node_text_attack.xml.base64
461
- - test/responses/response_node_text_attack2.xml.base64
462
- - test/responses/response_node_text_attack3.xml.base64
463
- - test/responses/response_unsigned_xml_base64
464
- - test/responses/response_with_ampersands.xml
465
- - test/responses/response_with_ampersands.xml.base64
466
- - test/responses/response_with_ds_namespace_at_the_root.xml.base64
467
- - test/responses/response_with_multiple_attribute_statements.xml
468
- - test/responses/response_with_multiple_attribute_values.xml
469
- - test/responses/response_with_retrieval_method.xml
470
- - test/responses/response_with_saml2_namespace.xml.base64
471
- - test/responses/response_with_signed_assertion.xml.base64
472
- - test/responses/response_with_signed_assertion_2.xml.base64
473
- - test/responses/response_with_signed_assertion_3.xml
474
- - test/responses/response_with_signed_message_and_assertion.xml
475
- - test/responses/response_with_undefined_recipient.xml.base64
476
- - test/responses/response_without_attributes.xml.base64
477
- - test/responses/response_without_reference_uri.xml.base64
478
- - test/responses/response_wrapped.xml.base64
479
- - test/responses/signed_message_encrypted_signed_assertion.xml.base64
480
- - test/responses/signed_message_encrypted_unsigned_assertion.xml.base64
481
- - test/responses/signed_nameid_in_atts.xml
482
- - test/responses/signed_unqual_nameid_in_atts.xml
483
- - test/responses/simple_saml_php.xml
484
- - test/responses/starfield_response.xml.base64
485
- - test/responses/test_sign.xml
486
- - test/responses/unsigned_encrypted_adfs.xml
487
- - test/responses/unsigned_message_aes128_encrypted_signed_assertion.xml.base64
488
- - test/responses/unsigned_message_aes192_encrypted_signed_assertion.xml.base64
489
- - test/responses/unsigned_message_aes256_encrypted_signed_assertion.xml.base64
490
- - test/responses/unsigned_message_des192_encrypted_signed_assertion.xml.base64
491
- - test/responses/unsigned_message_encrypted_assertion_without_saml_namespace.xml.base64
492
- - test/responses/unsigned_message_encrypted_signed_assertion.xml.base64
493
- - test/responses/unsigned_message_encrypted_unsigned_assertion.xml.base64
494
- - test/responses/valid_response.xml.base64
495
- - test/responses/valid_response_with_formatted_x509certificate.xml.base64
496
- - test/responses/valid_response_without_x509certificate.xml.base64
497
- - test/saml_message_test.rb
498
- - test/settings_test.rb
499
- - test/slo_logoutrequest_test.rb
500
- - test/slo_logoutresponse_test.rb
501
- - test/test_helper.rb
502
- - test/utils_test.rb
503
- - test/xml_security_test.rb
245
+ test_files: []