RubyGems - ruby-saml - Versions diffs - 1.9.0 → 1.12.0 - Mend

ruby-saml 1.9.0 → 1.12.0

Potentially problematic release.

This version of ruby-saml might be problematic. Click here for more details.

Files changed (157) hide show

data/lib/onelogin/ruby-saml/slo_logoutrequest.rb CHANGED Viewed

@@ -47,6 +47,10 @@ module OneLogin
         @document = REXML::Document.new(@request)
       end
+      def request_id
+        id(document)
+      end
       # Validates the Logout Request with the default values (soft = true)
       # @param collect_errors [Boolean] Stop validation when first error appears or keep validating.
       # @return [Boolean] TRUE if the Logout Request is valid
@@ -280,13 +284,19 @@ module OneLogin
           :raw_sig_alg     => options[:raw_get_params]['SigAlg']
         )
+        expired = false
         if idp_certs.nil? || idp_certs[:signing].empty?
           valid = OneLogin::RubySaml::Utils.verify_signature(
-            :cert         => settings.get_idp_cert,
+            :cert         => idp_cert,
             :sig_alg      => options[:get_params]['SigAlg'],
             :signature    => options[:get_params]['Signature'],
             :query_string => query_string
           )
+          if valid && settings.security[:check_idp_cert_expiration]
+            if OneLogin::RubySaml::Utils.is_cert_expired(idp_cert)
+              expired = true
+            end
+          end
         else
           valid = false
           idp_certs[:signing].each do |signing_idp_cert|
@@ -297,11 +307,20 @@ module OneLogin
               :query_string => query_string
             )
             if valid
+              if settings.security[:check_idp_cert_expiration]
+                if OneLogin::RubySaml::Utils.is_cert_expired(signing_idp_cert)
+                  expired = true
+                end
+              end
               break
             end
           end
         end
+        if expired
+          error_msg = "IdP x509 certificate expired"
+          return append_error(error_msg)
+        end
         unless valid
           return append_error("Invalid Signature on Logout Request")
         end

data/lib/onelogin/ruby-saml/slo_logoutresponse.rb CHANGED Viewed

@@ -2,6 +2,7 @@ require "onelogin/ruby-saml/logging"
 require "onelogin/ruby-saml/saml_message"
 require "onelogin/ruby-saml/utils"
+require "onelogin/ruby-saml/setting_error"
 # Only supports SAML 2.0
 module OneLogin
@@ -21,23 +22,30 @@ module OneLogin
         @uuid = OneLogin::RubySaml::Utils.uuid
       end
+      def response_id
+        @uuid
+      end
       # Creates the Logout Response string.
       # @param settings [OneLogin::RubySaml::Settings|nil] Toolkit settings
       # @param request_id [String] The ID of the LogoutRequest sent by this SP to the IdP. That ID will be placed as the InResponseTo in the logout response
       # @param logout_message [String] The Message to be placed as StatusMessage in the logout response
       # @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
+      # @param logout_status_code [String] The StatusCode to be placed as StatusMessage in the logout response
       # @return [String] Logout Request string that includes the SAMLRequest
       #
-      def create(settings, request_id = nil, logout_message = nil, params = {})
-        params = create_params(settings, request_id, logout_message, params)
+      def create(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil)
+        params = create_params(settings, request_id, logout_message, params, logout_status_code)
         params_prefix = (settings.idp_slo_target_url =~ /\?/) ? '&' : '?'
+        url = settings.idp_slo_response_service_url || settings.idp_slo_target_url
         saml_response = CGI.escape(params.delete("SAMLResponse"))
         response_params = "#{params_prefix}SAMLResponse=#{saml_response}"
         params.each_pair do |key, value|
           response_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}"
         end
-        @logout_url = settings.idp_slo_target_url + response_params
+        raise SettingError.new "Invalid settings, idp_slo_target_url is not set!" if url.nil? or url.empty?
+        @logout_url = url + response_params
       end
       # Creates the Get parameters for the logout response.
@@ -45,9 +53,10 @@ module OneLogin
       # @param request_id [String] The ID of the LogoutRequest sent by this SP to the IdP. That ID will be placed as the InResponseTo in the logout response
       # @param logout_message [String] The Message to be placed as StatusMessage in the logout response
       # @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
+      # @param logout_status_code [String] The StatusCode to be placed as StatusMessage in the logout response
       # @return [Hash] Parameters
       #
-      def create_params(settings, request_id = nil, logout_message = nil, params = {})
+      def create_params(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil)
         # The method expects :RelayState but sometimes we get 'RelayState' instead.
         # Based on the HashWithIndifferentAccess value in Rails we could experience
         # conflicts so this line will solve them.
@@ -58,7 +67,7 @@ module OneLogin
           params.delete('RelayState')
         end
-        response_doc = create_logout_response_xml_doc(settings, request_id, logout_message)
+        response_doc = create_logout_response_xml_doc(settings, request_id, logout_message, logout_status_code)
         response_doc.context[:attribute_quote] = :quote if settings.double_quote_xml_attribute_values
         response = ""
@@ -94,46 +103,59 @@ module OneLogin
       # @param settings [OneLogin::RubySaml::Settings|nil] Toolkit settings
       # @param request_id [String] The ID of the LogoutRequest sent by this SP to the IdP. That ID will be placed as the InResponseTo in the logout response
       # @param logout_message [String] The Message to be placed as StatusMessage in the logout response
+      # @param logout_status_code [String] The StatusCode to be placed as StatusMessage in the logout response
       # @return [String] The SAMLResponse String.
       #
-      def create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil)
+      def create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil, logout_status_code = nil)
+        document = create_xml_document(settings, request_id, logout_message, logout_status_code)
+        sign_document(document, settings)
+      end
+      def create_xml_document(settings, request_id = nil, logout_message = nil, status_code = nil)
         time = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')
         response_doc = XMLSecurity::Document.new
         response_doc.uuid = uuid
+        destination = settings.idp_slo_response_service_url || settings.idp_slo_target_url
         root = response_doc.add_element 'samlp:LogoutResponse', { 'xmlns:samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol', "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
         root.attributes['ID'] = uuid
         root.attributes['IssueInstant'] = time
         root.attributes['Version'] = '2.0'
         root.attributes['InResponseTo'] = request_id unless request_id.nil?
-        root.attributes['Destination'] = settings.idp_slo_target_url unless settings.idp_slo_target_url.nil?
+        root.attributes['Destination'] = destination unless destination.nil? or destination.empty?
-        if settings.issuer != nil
+        if settings.sp_entity_id != nil
           issuer = root.add_element "saml:Issuer"
-          issuer.text = settings.issuer
+          issuer.text = settings.sp_entity_id
         end
-        # add success message
+        # add status
         status = root.add_element 'samlp:Status'
-        # success status code
-        status_code = status.add_element 'samlp:StatusCode'
-        status_code.attributes['Value'] = 'urn:oasis:names:tc:SAML:2.0:status:Success'
+        # status code
+        status_code ||= 'urn:oasis:names:tc:SAML:2.0:status:Success'
+        status_code_elem = status.add_element 'samlp:StatusCode'
+        status_code_elem.attributes['Value'] = status_code
-        # success status message
+        # status message
         logout_message ||= 'Successfully Signed Out'
         status_message = status.add_element 'samlp:StatusMessage'
         status_message.text = logout_message
+        response_doc
+      end
+      def sign_document(document, settings)
         # embed signature
         if settings.security[:logout_responses_signed] && settings.private_key && settings.certificate && settings.security[:embed_sign]
           private_key = settings.get_sp_key
           cert = settings.get_sp_cert
-          response_doc.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method])
+          document.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method])
         end
-        response_doc
+        document
       end
     end

data/lib/onelogin/ruby-saml/utils.rb CHANGED Viewed

@@ -3,6 +3,7 @@ if RUBY_VERSION < '1.9'
 else
   require 'securerandom'
 end
+require "openssl"
 module OneLogin
   module RubySaml
@@ -14,6 +15,61 @@ module OneLogin
       DSIG      = "http://www.w3.org/2000/09/xmldsig#"
       XENC      = "http://www.w3.org/2001/04/xmlenc#"
+      DURATION_FORMAT = %r(^(-?)P(?:(?:(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?)|(?:(\d+)W))$)
+      # Checks if the x509 cert provided is expired
+      #
+      # @param cert [Certificate] The x509 certificate
+      #
+      def self.is_cert_expired(cert)
+        if cert.is_a?(String)
+          cert = OpenSSL::X509::Certificate.new(cert)
+        end
+        return cert.not_after < Time.now
+      end
+      # Interprets a ISO8601 duration value relative to a given timestamp.
+      #
+      # @param duration [String] The duration, as a string.
+      # @param timestamp [Integer] The unix timestamp we should apply the
+      #                            duration to. Optional, default to the
+      #                            current time.
+      #
+      # @return [Integer] The new timestamp, after the duration is applied.
+      #
+      def self.parse_duration(duration, timestamp=Time.now.utc)
+        matches = duration.match(DURATION_FORMAT)
+        if matches.nil?
+          raise Exception.new("Invalid ISO 8601 duration")
+        end
+        durYears = matches[2].to_i
+        durMonths = matches[3].to_i
+        durDays = matches[4].to_i
+        durHours = matches[5].to_i
+        durMinutes = matches[6].to_i
+        durSeconds = matches[7].to_f
+        durWeeks = matches[8].to_i
+        if matches[1] == "-"
+          durYears = -durYears
+          durMonths = -durMonths
+          durDays = -durDays
+          durHours = -durHours
+          durMinutes = -durMinutes
+          durSeconds = -durSeconds
+          durWeeks = -durWeeks
+        end
+        initial_datetime = Time.at(timestamp).utc.to_datetime
+        final_datetime = initial_datetime.next_year(durYears)
+        final_datetime = final_datetime.next_month(durMonths)
+        final_datetime = final_datetime.next_day((7*durWeeks) + durDays)
+        final_timestamp = final_datetime.to_time.utc.to_i + (durHours * 3600) + (durMinutes * 60) + durSeconds
+        return final_timestamp
+      end
       # Return a properly formatted x509 certificate
       #
@@ -22,7 +78,11 @@ module OneLogin
       #
       def self.format_cert(cert)
         # don't try to format an encoded certificate or if is empty or nil
-        return cert if cert.nil? || cert.empty? || cert.match(/\x0d/)
+        if cert.respond_to?(:ascii_only?)
+          return cert if cert.nil? || cert.empty? || !cert.ascii_only?
+        else
+          return cert if cert.nil? || cert.empty? || cert.match(/\x0d/)
+        end
         if cert.scan(/BEGIN CERTIFICATE/).length > 1
           formatted_cert = []
@@ -236,6 +296,9 @@ module OneLogin
           when 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' then cipher = OpenSSL::Cipher.new('AES-128-CBC').decrypt
           when 'http://www.w3.org/2001/04/xmlenc#aes192-cbc' then cipher = OpenSSL::Cipher.new('AES-192-CBC').decrypt
           when 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' then cipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt
+          when 'http://www.w3.org/2009/xmlenc11#aes128-gcm' then auth_cipher = OpenSSL::Cipher.new('AES-128-GCM').decrypt
+          when 'http://www.w3.org/2009/xmlenc11#aes192-gcm' then auth_cipher = OpenSSL::Cipher.new('AES-192-GCM').decrypt
+          when 'http://www.w3.org/2009/xmlenc11#aes256-gcm' then auth_cipher = OpenSSL::Cipher.new('AES-256-GCM').decrypt
           when 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' then rsa = symmetric_key
           when 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' then oaep = symmetric_key
         end
@@ -246,6 +309,16 @@ module OneLogin
           cipher.padding, cipher.key, cipher.iv = 0, symmetric_key, cipher_text[0..iv_len-1]
           assertion_plaintext = cipher.update(data)
           assertion_plaintext << cipher.final
+        elsif auth_cipher
+          iv_len, text_len, tag_len = auth_cipher.iv_len, cipher_text.length, 16
+          data = cipher_text[iv_len..text_len-1-tag_len]
+          auth_cipher.padding = 0
+          auth_cipher.key = symmetric_key
+          auth_cipher.iv = cipher_text[0..iv_len-1]
+          auth_cipher.auth_data = ''
+          auth_cipher.auth_tag = cipher_text[text_len-tag_len..-1]
+          assertion_plaintext = auth_cipher.update(data)
+          assertion_plaintext << auth_cipher.final
         elsif rsa
           rsa.private_decrypt(cipher_text)
         elsif oaep

data/lib/onelogin/ruby-saml/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module OneLogin
   module RubySaml
-    VERSION = '1.9.0'
+    VERSION = '1.12.0'
   end
 end

data/lib/xml_security.rb CHANGED Viewed

@@ -212,7 +212,7 @@ module XMLSecurity
         begin
           cert = OpenSSL::X509::Certificate.new(cert_text)
         rescue OpenSSL::X509::CertificateError => _e
-          return append_error("Certificate Error", soft)
+          return append_error("Document Certificate Error", soft)
         end
         if options[:fingerprint_alg]
@@ -224,7 +224,6 @@ module XMLSecurity
         # check cert matches registered idp cert
         if fingerprint != idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/,"").downcase
-          @errors << "Fingerprint mismatch"
           return append_error("Fingerprint mismatch", soft)
         end
       else
@@ -241,7 +240,7 @@ module XMLSecurity
       validate_signature(base64_cert, soft)
     end
-    def validate_document_with_cert(idp_cert)
+    def validate_document_with_cert(idp_cert, soft = true)
       # get cert from response
       cert_element = REXML::XPath.first(
         self,
@@ -255,12 +254,12 @@ module XMLSecurity
         begin
           cert = OpenSSL::X509::Certificate.new(cert_text)
         rescue OpenSSL::X509::CertificateError => _e
-          return append_error("Certificate Error", soft)
+          return append_error("Document Certificate Error", soft)
         end
         # check saml response cert matches provided idp cert
         if idp_cert.to_pem != cert.to_pem
-          return false
+          return append_error("Certificate of the Signature element does not match provided certificate", soft)
         end
       else
         base64_cert = Base64.encode64(idp_cert.to_pem)
@@ -326,6 +325,9 @@ module XMLSecurity
         '//ds:CanonicalizationMethod',
         { "ds" => DSIG }
       )
+      canon_algorithm = process_transforms(ref, canon_algorithm)
       canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
       digest_algorithm = algorithm(REXML::XPath.first(
@@ -342,7 +344,6 @@ module XMLSecurity
       digest_value = Base64.decode64(OneLogin::RubySaml::Utils.element_text(encoded_digest_value))
       unless digests_match?(hash, digest_value)
-        @errors << "Digest mismatch"
         return append_error("Digest mismatch", soft)
       end
@@ -360,6 +361,33 @@ module XMLSecurity
     private
+    def process_transforms(ref, canon_algorithm)
+      transforms = REXML::XPath.match(
+        ref,
+        "//ds:Transforms/ds:Transform",
+        { "ds" => DSIG }
+      )
+      transforms.each do |transform_element|
+        if transform_element.attributes && transform_element.attributes["Algorithm"]
+          algorithm = transform_element.attributes["Algorithm"]
+          case algorithm
+            when "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
+                 "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
+              canon_algorithm = Nokogiri::XML::XML_C14N_1_0
+            when "http://www.w3.org/2006/12/xml-c14n11",
+                 "http://www.w3.org/2006/12/xml-c14n11#WithComments"
+              canon_algorithm = Nokogiri::XML::XML_C14N_1_1
+            when "http://www.w3.org/2001/10/xml-exc-c14n#",
+                 "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
+              canon_algorithm = Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
+          end
+        end
+      end
+      canon_algorithm
+    end
     def digests_match?(hash, digest_value)
       hash == digest_value
     end

data/ruby-saml.gemspec CHANGED Viewed

@@ -15,31 +15,39 @@ Gem::Specification.new do |s|
     "LICENSE",
     "README.md"
   ]
-  s.files = `git ls-files`.split("\n")
-  s.homepage = %q{http://github.com/onelogin/ruby-saml}
-  s.rubyforge_project = %q{http://www.rubygems.org/gems/ruby-saml}
+  s.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  s.homepage = %q{https://github.com/onelogin/ruby-saml}
   s.rdoc_options = ["--charset=UTF-8"]
   s.require_paths = ["lib"]
   s.rubygems_version = %q{1.3.7}
   s.required_ruby_version = '>= 1.8.7'
   s.summary = %q{SAML Ruby Tookit}
-  s.test_files = `git ls-files test/*`.split("\n")
   # Because runtime dependencies are determined at build time, we cannot make
   # Nokogiri's version dependent on the Ruby version, even though we would
   # have liked to constrain Ruby 1.8.7 to install only the 1.5.x versions.
   if defined?(JRUBY_VERSION)
-    s.add_runtime_dependency('nokogiri', '>= 1.6.0')
-    s.add_runtime_dependency('jruby-openssl', '>= 0.9.8') if JRUBY_VERSION < '9.2.0.0'
+    if JRUBY_VERSION < '9.2.0.0'
+      s.add_runtime_dependency('nokogiri', '>= 1.8.2', '<= 1.8.5')
+      s.add_runtime_dependency('jruby-openssl', '>= 0.9.8')
+      s.add_runtime_dependency('json', '< 2.3.0')
+    else
+      s.add_runtime_dependency('nokogiri', '>= 1.8.2')
+    end
   elsif RUBY_VERSION < '1.9'
     s.add_runtime_dependency('uuid')
     s.add_runtime_dependency('nokogiri', '<= 1.5.11')
   elsif RUBY_VERSION < '2.1'
     s.add_runtime_dependency('nokogiri', '>= 1.5.10', '<= 1.6.8.1')
+    s.add_runtime_dependency('json', '< 2.3.0')
+  elsif RUBY_VERSION < '2.3'
+    s.add_runtime_dependency('nokogiri', '>= 1.9.1', '<= 1.10.0')
   else
-    s.add_runtime_dependency('nokogiri', '>= 1.5.10')
+    s.add_runtime_dependency('nokogiri', '>= 1.10.5')
+    s.add_runtime_dependency('rexml')
   end
+  s.add_development_dependency('coveralls')
   s.add_development_dependency('minitest', '~> 5.5')
   s.add_development_dependency('mocha',    '~> 0.14')
   s.add_development_dependency('rake',     '~> 10')

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-saml
 version: !ruby/object:Gem::Version
-  version: 1.9.0
+  version: 1.12.0
 platform: ruby
 authors:
 - OneLogin LLC
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-09-03 00:00:00.000000000 Z
+date: 2021-02-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -16,14 +16,42 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.5.10
+        version: 1.10.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.5.10
+        version: 1.10.5
+- !ruby/object:Gem::Dependency
+  name: rexml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -166,6 +194,7 @@ files:
 - lib/onelogin/ruby-saml/metadata.rb
 - lib/onelogin/ruby-saml/response.rb
 - lib/onelogin/ruby-saml/saml_message.rb
+- lib/onelogin/ruby-saml/setting_error.rb
 - lib/onelogin/ruby-saml/settings.rb
 - lib/onelogin/ruby-saml/slo_logoutrequest.rb
 - lib/onelogin/ruby-saml/slo_logoutresponse.rb
@@ -187,142 +216,7 @@ files:
 - lib/schemas/xmldsig-core-schema.xsd
 - lib/xml_security.rb
 - ruby-saml.gemspec
-- test/certificates/certificate1
-- test/certificates/certificate_without_head_foot
-- test/certificates/formatted_certificate
-- test/certificates/formatted_chained_certificate
-- test/certificates/formatted_private_key
-- test/certificates/formatted_rsa_private_key
-- test/certificates/invalid_certificate1
-- test/certificates/invalid_certificate2
-- test/certificates/invalid_certificate3
-- test/certificates/invalid_chained_certificate1
-- test/certificates/invalid_private_key1
-- test/certificates/invalid_private_key2
-- test/certificates/invalid_private_key3
-- test/certificates/invalid_rsa_private_key1
-- test/certificates/invalid_rsa_private_key2
-- test/certificates/invalid_rsa_private_key3
-- test/certificates/ruby-saml-2.crt
-- test/certificates/ruby-saml.crt
-- test/certificates/ruby-saml.key
-- test/idp_metadata_parser_test.rb
-- test/logging_test.rb
-- test/logout_requests/invalid_slo_request.xml
-- test/logout_requests/slo_request.xml
-- test/logout_requests/slo_request.xml.base64
-- test/logout_requests/slo_request_deflated.xml.base64
-- test/logout_requests/slo_request_with_name_id_format.xml
-- test/logout_requests/slo_request_with_session_index.xml
-- test/logout_responses/logoutresponse_fixtures.rb
-- test/logoutrequest_test.rb
-- test/logoutresponse_test.rb
-- test/metadata/idp_descriptor.xml
-- test/metadata/idp_descriptor_2.xml
-- test/metadata/idp_descriptor_3.xml
-- test/metadata/idp_descriptor_4.xml
-- test/metadata/idp_metadata_different_sign_and_encrypt_cert.xml
-- test/metadata/idp_metadata_multi_certs.xml
-- test/metadata/idp_metadata_multi_signing_certs.xml
-- test/metadata/idp_metadata_same_sign_and_encrypt_cert.xml
-- test/metadata/idp_multiple_descriptors.xml
-- test/metadata/no_idp_descriptor.xml
-- test/metadata_test.rb
-- test/request_test.rb
-- test/response_test.rb
-- test/responses/adfs_response_sha1.xml
-- test/responses/adfs_response_sha256.xml
-- test/responses/adfs_response_sha384.xml
-- test/responses/adfs_response_sha512.xml
-- test/responses/adfs_response_xmlns.xml
-- test/responses/attackxee.xml
-- test/responses/invalids/duplicated_attributes.xml.base64
-- test/responses/invalids/empty_destination.xml.base64
-- test/responses/invalids/empty_nameid.xml.base64
-- test/responses/invalids/encrypted_new_attack.xml.base64
-- test/responses/invalids/invalid_audience.xml.base64
-- test/responses/invalids/invalid_issuer_assertion.xml.base64
-- test/responses/invalids/invalid_issuer_message.xml.base64
-- test/responses/invalids/invalid_signature_position.xml.base64
-- test/responses/invalids/invalid_subjectconfirmation_inresponse.xml.base64
-- test/responses/invalids/invalid_subjectconfirmation_nb.xml.base64
-- test/responses/invalids/invalid_subjectconfirmation_noa.xml.base64
-- test/responses/invalids/invalid_subjectconfirmation_recipient.xml.base64
-- test/responses/invalids/multiple_assertions.xml.base64
-- test/responses/invalids/multiple_signed.xml.base64
-- test/responses/invalids/no_authnstatement.xml.base64
-- test/responses/invalids/no_conditions.xml.base64
-- test/responses/invalids/no_id.xml.base64
-- test/responses/invalids/no_issuer_assertion.xml.base64
-- test/responses/invalids/no_issuer_response.xml.base64
-- test/responses/invalids/no_nameid.xml.base64
-- test/responses/invalids/no_saml2.xml.base64
-- test/responses/invalids/no_signature.xml.base64
-- test/responses/invalids/no_status.xml.base64
-- test/responses/invalids/no_status_code.xml.base64
-- test/responses/invalids/no_subjectconfirmation_data.xml.base64
-- test/responses/invalids/no_subjectconfirmation_method.xml.base64
-- test/responses/invalids/response_invalid_signed_element.xml.base64
-- test/responses/invalids/response_with_concealed_signed_assertion.xml
-- test/responses/invalids/response_with_doubled_signed_assertion.xml
-- test/responses/invalids/signature_wrapping_attack.xml.base64
-- test/responses/invalids/status_code_responder.xml.base64
-- test/responses/invalids/status_code_responer_and_msg.xml.base64
-- test/responses/invalids/wrong_spnamequalifier.xml.base64
-- test/responses/no_signature_ns.xml
-- test/responses/open_saml_response.xml
-- test/responses/response_assertion_wrapped.xml.base64
-- test/responses/response_audience_self_closed_tag.xml.base64
-- test/responses/response_double_status_code.xml.base64
-- test/responses/response_encrypted_attrs.xml.base64
-- test/responses/response_encrypted_nameid.xml.base64
-- test/responses/response_eval.xml
-- test/responses/response_no_cert_and_encrypted_attrs.xml
-- test/responses/response_node_text_attack.xml.base64
-- test/responses/response_node_text_attack2.xml.base64
-- test/responses/response_node_text_attack3.xml.base64
-- test/responses/response_unsigned_xml_base64
-- test/responses/response_with_ampersands.xml
-- test/responses/response_with_ampersands.xml.base64
-- test/responses/response_with_ds_namespace_at_the_root.xml.base64
-- test/responses/response_with_multiple_attribute_statements.xml
-- test/responses/response_with_multiple_attribute_values.xml
-- test/responses/response_with_retrieval_method.xml
-- test/responses/response_with_saml2_namespace.xml.base64
-- test/responses/response_with_signed_assertion.xml.base64
-- test/responses/response_with_signed_assertion_2.xml.base64
-- test/responses/response_with_signed_assertion_3.xml
-- test/responses/response_with_signed_message_and_assertion.xml
-- test/responses/response_with_undefined_recipient.xml.base64
-- test/responses/response_without_attributes.xml.base64
-- test/responses/response_without_reference_uri.xml.base64
-- test/responses/response_wrapped.xml.base64
-- test/responses/signed_message_encrypted_signed_assertion.xml.base64
-- test/responses/signed_message_encrypted_unsigned_assertion.xml.base64
-- test/responses/signed_nameid_in_atts.xml
-- test/responses/signed_unqual_nameid_in_atts.xml
-- test/responses/simple_saml_php.xml
-- test/responses/starfield_response.xml.base64
-- test/responses/test_sign.xml
-- test/responses/unsigned_encrypted_adfs.xml
-- test/responses/unsigned_message_aes128_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_aes192_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_aes256_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_des192_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_encrypted_assertion_without_saml_namespace.xml.base64
-- test/responses/unsigned_message_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_encrypted_unsigned_assertion.xml.base64
-- test/responses/valid_response.xml.base64
-- test/responses/valid_response_with_formatted_x509certificate.xml.base64
-- test/responses/valid_response_without_x509certificate.xml.base64
-- test/saml_message_test.rb
-- test/settings_test.rb
-- test/slo_logoutrequest_test.rb
-- test/slo_logoutresponse_test.rb
-- test/test_helper.rb
-- test/utils_test.rb
-- test/xml_security_test.rb
-homepage: http://github.com/onelogin/ruby-saml
+homepage: https://github.com/onelogin/ruby-saml
 licenses:
 - MIT
 metadata: {}
@@ -342,144 +236,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: http://www.rubygems.org/gems/ruby-saml
-rubygems_version: 2.4.8
+rubygems_version: 3.0.8
 signing_key:
 specification_version: 4
 summary: SAML Ruby Tookit
-test_files:
-- test/certificates/certificate1
-- test/certificates/certificate_without_head_foot
-- test/certificates/formatted_certificate
-- test/certificates/formatted_chained_certificate
-- test/certificates/formatted_private_key
-- test/certificates/formatted_rsa_private_key
-- test/certificates/invalid_certificate1
-- test/certificates/invalid_certificate2
-- test/certificates/invalid_certificate3
-- test/certificates/invalid_chained_certificate1
-- test/certificates/invalid_private_key1
-- test/certificates/invalid_private_key2
-- test/certificates/invalid_private_key3
-- test/certificates/invalid_rsa_private_key1
-- test/certificates/invalid_rsa_private_key2
-- test/certificates/invalid_rsa_private_key3
-- test/certificates/ruby-saml-2.crt
-- test/certificates/ruby-saml.crt
-- test/certificates/ruby-saml.key
-- test/idp_metadata_parser_test.rb
-- test/logging_test.rb
-- test/logout_requests/invalid_slo_request.xml
-- test/logout_requests/slo_request.xml
-- test/logout_requests/slo_request.xml.base64
-- test/logout_requests/slo_request_deflated.xml.base64
-- test/logout_requests/slo_request_with_name_id_format.xml
-- test/logout_requests/slo_request_with_session_index.xml
-- test/logout_responses/logoutresponse_fixtures.rb
-- test/logoutrequest_test.rb
-- test/logoutresponse_test.rb
-- test/metadata/idp_descriptor.xml
-- test/metadata/idp_descriptor_2.xml
-- test/metadata/idp_descriptor_3.xml
-- test/metadata/idp_descriptor_4.xml
-- test/metadata/idp_metadata_different_sign_and_encrypt_cert.xml
-- test/metadata/idp_metadata_multi_certs.xml
-- test/metadata/idp_metadata_multi_signing_certs.xml
-- test/metadata/idp_metadata_same_sign_and_encrypt_cert.xml
-- test/metadata/idp_multiple_descriptors.xml
-- test/metadata/no_idp_descriptor.xml
-- test/metadata_test.rb
-- test/request_test.rb
-- test/response_test.rb
-- test/responses/adfs_response_sha1.xml
-- test/responses/adfs_response_sha256.xml
-- test/responses/adfs_response_sha384.xml
-- test/responses/adfs_response_sha512.xml
-- test/responses/adfs_response_xmlns.xml
-- test/responses/attackxee.xml
-- test/responses/invalids/duplicated_attributes.xml.base64
-- test/responses/invalids/empty_destination.xml.base64
-- test/responses/invalids/empty_nameid.xml.base64
-- test/responses/invalids/encrypted_new_attack.xml.base64
-- test/responses/invalids/invalid_audience.xml.base64
-- test/responses/invalids/invalid_issuer_assertion.xml.base64
-- test/responses/invalids/invalid_issuer_message.xml.base64
-- test/responses/invalids/invalid_signature_position.xml.base64
-- test/responses/invalids/invalid_subjectconfirmation_inresponse.xml.base64
-- test/responses/invalids/invalid_subjectconfirmation_nb.xml.base64
-- test/responses/invalids/invalid_subjectconfirmation_noa.xml.base64
-- test/responses/invalids/invalid_subjectconfirmation_recipient.xml.base64
-- test/responses/invalids/multiple_assertions.xml.base64
-- test/responses/invalids/multiple_signed.xml.base64
-- test/responses/invalids/no_authnstatement.xml.base64
-- test/responses/invalids/no_conditions.xml.base64
-- test/responses/invalids/no_id.xml.base64
-- test/responses/invalids/no_issuer_assertion.xml.base64
-- test/responses/invalids/no_issuer_response.xml.base64
-- test/responses/invalids/no_nameid.xml.base64
-- test/responses/invalids/no_saml2.xml.base64
-- test/responses/invalids/no_signature.xml.base64
-- test/responses/invalids/no_status.xml.base64
-- test/responses/invalids/no_status_code.xml.base64
-- test/responses/invalids/no_subjectconfirmation_data.xml.base64
-- test/responses/invalids/no_subjectconfirmation_method.xml.base64
-- test/responses/invalids/response_invalid_signed_element.xml.base64
-- test/responses/invalids/response_with_concealed_signed_assertion.xml
-- test/responses/invalids/response_with_doubled_signed_assertion.xml
-- test/responses/invalids/signature_wrapping_attack.xml.base64
-- test/responses/invalids/status_code_responder.xml.base64
-- test/responses/invalids/status_code_responer_and_msg.xml.base64
-- test/responses/invalids/wrong_spnamequalifier.xml.base64
-- test/responses/no_signature_ns.xml
-- test/responses/open_saml_response.xml
-- test/responses/response_assertion_wrapped.xml.base64
-- test/responses/response_audience_self_closed_tag.xml.base64
-- test/responses/response_double_status_code.xml.base64
-- test/responses/response_encrypted_attrs.xml.base64
-- test/responses/response_encrypted_nameid.xml.base64
-- test/responses/response_eval.xml
-- test/responses/response_no_cert_and_encrypted_attrs.xml
-- test/responses/response_node_text_attack.xml.base64
-- test/responses/response_node_text_attack2.xml.base64
-- test/responses/response_node_text_attack3.xml.base64
-- test/responses/response_unsigned_xml_base64
-- test/responses/response_with_ampersands.xml
-- test/responses/response_with_ampersands.xml.base64
-- test/responses/response_with_ds_namespace_at_the_root.xml.base64
-- test/responses/response_with_multiple_attribute_statements.xml
-- test/responses/response_with_multiple_attribute_values.xml
-- test/responses/response_with_retrieval_method.xml
-- test/responses/response_with_saml2_namespace.xml.base64
-- test/responses/response_with_signed_assertion.xml.base64
-- test/responses/response_with_signed_assertion_2.xml.base64
-- test/responses/response_with_signed_assertion_3.xml
-- test/responses/response_with_signed_message_and_assertion.xml
-- test/responses/response_with_undefined_recipient.xml.base64
-- test/responses/response_without_attributes.xml.base64
-- test/responses/response_without_reference_uri.xml.base64
-- test/responses/response_wrapped.xml.base64
-- test/responses/signed_message_encrypted_signed_assertion.xml.base64
-- test/responses/signed_message_encrypted_unsigned_assertion.xml.base64
-- test/responses/signed_nameid_in_atts.xml
-- test/responses/signed_unqual_nameid_in_atts.xml
-- test/responses/simple_saml_php.xml
-- test/responses/starfield_response.xml.base64
-- test/responses/test_sign.xml
-- test/responses/unsigned_encrypted_adfs.xml
-- test/responses/unsigned_message_aes128_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_aes192_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_aes256_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_des192_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_encrypted_assertion_without_saml_namespace.xml.base64
-- test/responses/unsigned_message_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_encrypted_unsigned_assertion.xml.base64
-- test/responses/valid_response.xml.base64
-- test/responses/valid_response_with_formatted_x509certificate.xml.base64
-- test/responses/valid_response_without_x509certificate.xml.base64
-- test/saml_message_test.rb
-- test/settings_test.rb
-- test/slo_logoutrequest_test.rb
-- test/slo_logoutresponse_test.rb
-- test/test_helper.rb
-- test/utils_test.rb
-- test/xml_security_test.rb
+test_files: []