RubyGems - ruby-saml - Versions diffs - 1.9.0 → 1.12.0 - Mend

ruby-saml 1.9.0 → 1.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (157) hide show

data/lib/onelogin/ruby-saml/slo_logoutrequest.rb CHANGED Viewed

@@ -47,6 +47,10 @@ module OneLogin
         @document = REXML::Document.new(@request)
       end
+      def request_id
+        id(document)
+      end
       # Validates the Logout Request with the default values (soft = true)
       # @param collect_errors [Boolean] Stop validation when first error appears or keep validating.
       # @return [Boolean] TRUE if the Logout Request is valid
@@ -280,13 +284,19 @@ module OneLogin
           :raw_sig_alg     => options[:raw_get_params]['SigAlg']
         )
+        expired = false
         if idp_certs.nil? || idp_certs[:signing].empty?
           valid = OneLogin::RubySaml::Utils.verify_signature(
-            :cert         => settings.get_idp_cert,
+            :cert         => idp_cert,
             :sig_alg      => options[:get_params]['SigAlg'],
             :signature    => options[:get_params]['Signature'],
             :query_string => query_string
           )
+          if valid && settings.security[:check_idp_cert_expiration]
+            if OneLogin::RubySaml::Utils.is_cert_expired(idp_cert)
+              expired = true
+            end
+          end
         else
           valid = false
           idp_certs[:signing].each do |signing_idp_cert|
@@ -297,11 +307,20 @@ module OneLogin
               :query_string => query_string
             )
             if valid
+              if settings.security[:check_idp_cert_expiration]
+                if OneLogin::RubySaml::Utils.is_cert_expired(signing_idp_cert)
+                  expired = true
+                end
+              end
               break
             end
           end
         end
+        if expired
+          error_msg = "IdP x509 certificate expired"
+          return append_error(error_msg)
+        end
         unless valid
           return append_error("Invalid Signature on Logout Request")
         end

data/lib/onelogin/ruby-saml/slo_logoutresponse.rb CHANGED Viewed

@@ -2,6 +2,7 @@ require "onelogin/ruby-saml/logging"
 require "onelogin/ruby-saml/saml_message"
 require "onelogin/ruby-saml/utils"
+require "onelogin/ruby-saml/setting_error"
 # Only supports SAML 2.0
 module OneLogin
@@ -21,23 +22,30 @@ module OneLogin
         @uuid = OneLogin::RubySaml::Utils.uuid
       end
+      def response_id
+        @uuid
+      end
       # Creates the Logout Response string.
       # @param settings [OneLogin::RubySaml::Settings|nil] Toolkit settings
       # @param request_id [String] The ID of the LogoutRequest sent by this SP to the IdP. That ID will be placed as the InResponseTo in the logout response
       # @param logout_message [String] The Message to be placed as StatusMessage in the logout response
       # @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
+      # @param logout_status_code [String] The StatusCode to be placed as StatusMessage in the logout response
       # @return [String] Logout Request string that includes the SAMLRequest
       #
-      def create(settings, request_id = nil, logout_message = nil, params = {})
-        params = create_params(settings, request_id, logout_message, params)
+      def create(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil)
+        params = create_params(settings, request_id, logout_message, params, logout_status_code)
         params_prefix = (settings.idp_slo_target_url =~ /\?/) ? '&' : '?'
+        url = settings.idp_slo_response_service_url || settings.idp_slo_target_url
         saml_response = CGI.escape(params.delete("SAMLResponse"))
         response_params = "#{params_prefix}SAMLResponse=#{saml_response}"
         params.each_pair do |key, value|
           response_params << "&#{key.to_s}=#{CGI.escape(value.to_s)}"
         end
-        @logout_url = settings.idp_slo_target_url + response_params
+        raise SettingError.new "Invalid settings, idp_slo_target_url is not set!" if url.nil? or url.empty?
+        @logout_url = url + response_params
       end
       # Creates the Get parameters for the logout response.
@@ -45,9 +53,10 @@ module OneLogin
       # @param request_id [String] The ID of the LogoutRequest sent by this SP to the IdP. That ID will be placed as the InResponseTo in the logout response
       # @param logout_message [String] The Message to be placed as StatusMessage in the logout response
       # @param params [Hash] Some extra parameters to be added in the GET for example the RelayState
+      # @param logout_status_code [String] The StatusCode to be placed as StatusMessage in the logout response
       # @return [Hash] Parameters
       #
-      def create_params(settings, request_id = nil, logout_message = nil, params = {})
+      def create_params(settings, request_id = nil, logout_message = nil, params = {}, logout_status_code = nil)
         # The method expects :RelayState but sometimes we get 'RelayState' instead.
         # Based on the HashWithIndifferentAccess value in Rails we could experience
         # conflicts so this line will solve them.
@@ -58,7 +67,7 @@ module OneLogin
           params.delete('RelayState')
         end
-        response_doc = create_logout_response_xml_doc(settings, request_id, logout_message)
+        response_doc = create_logout_response_xml_doc(settings, request_id, logout_message, logout_status_code)
         response_doc.context[:attribute_quote] = :quote if settings.double_quote_xml_attribute_values
         response = ""
@@ -94,46 +103,59 @@ module OneLogin
       # @param settings [OneLogin::RubySaml::Settings|nil] Toolkit settings
       # @param request_id [String] The ID of the LogoutRequest sent by this SP to the IdP. That ID will be placed as the InResponseTo in the logout response
       # @param logout_message [String] The Message to be placed as StatusMessage in the logout response
+      # @param logout_status_code [String] The StatusCode to be placed as StatusMessage in the logout response
       # @return [String] The SAMLResponse String.
       #
-      def create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil)
+      def create_logout_response_xml_doc(settings, request_id = nil, logout_message = nil, logout_status_code = nil)
+        document = create_xml_document(settings, request_id, logout_message, logout_status_code)
+        sign_document(document, settings)
+      end
+      def create_xml_document(settings, request_id = nil, logout_message = nil, status_code = nil)
         time = Time.now.utc.strftime('%Y-%m-%dT%H:%M:%SZ')
         response_doc = XMLSecurity::Document.new
         response_doc.uuid = uuid
+        destination = settings.idp_slo_response_service_url || settings.idp_slo_target_url
         root = response_doc.add_element 'samlp:LogoutResponse', { 'xmlns:samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol', "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion" }
         root.attributes['ID'] = uuid
         root.attributes['IssueInstant'] = time
         root.attributes['Version'] = '2.0'
         root.attributes['InResponseTo'] = request_id unless request_id.nil?
-        root.attributes['Destination'] = settings.idp_slo_target_url unless settings.idp_slo_target_url.nil?
+        root.attributes['Destination'] = destination unless destination.nil? or destination.empty?
-        if settings.issuer != nil
+        if settings.sp_entity_id != nil
           issuer = root.add_element "saml:Issuer"
-          issuer.text = settings.issuer
+          issuer.text = settings.sp_entity_id
         end
-        # add success message
+        # add status
         status = root.add_element 'samlp:Status'
-        # success status code
-        status_code = status.add_element 'samlp:StatusCode'
-        status_code.attributes['Value'] = 'urn:oasis:names:tc:SAML:2.0:status:Success'
+        # status code
+        status_code ||= 'urn:oasis:names:tc:SAML:2.0:status:Success'
+        status_code_elem = status.add_element 'samlp:StatusCode'
+        status_code_elem.attributes['Value'] = status_code
-        # success status message
+        # status message
         logout_message ||= 'Successfully Signed Out'
         status_message = status.add_element 'samlp:StatusMessage'
         status_message.text = logout_message
+        response_doc
+      end
+      def sign_document(document, settings)
         # embed signature
         if settings.security[:logout_responses_signed] && settings.private_key && settings.certificate && settings.security[:embed_sign]
           private_key = settings.get_sp_key
           cert = settings.get_sp_cert
-          response_doc.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method])
+          document.sign_document(private_key, cert, settings.security[:signature_method], settings.security[:digest_method])
         end
-        response_doc
+        document
       end
     end

data/lib/onelogin/ruby-saml/utils.rb CHANGED Viewed

@@ -3,6 +3,7 @@ if RUBY_VERSION < '1.9'
 else
   require 'securerandom'
 end
+require "openssl"
 module OneLogin
   module RubySaml
@@ -14,6 +15,61 @@ module OneLogin
       DSIG      = "http://www.w3.org/2000/09/xmldsig#"
       XENC      = "http://www.w3.org/2001/04/xmlenc#"
+      DURATION_FORMAT = %r(^(-?)P(?:(?:(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?)|(?:(\d+)W))$)
+      # Checks if the x509 cert provided is expired
+      #
+      # @param cert [Certificate] The x509 certificate
+      #
+      def self.is_cert_expired(cert)
+        if cert.is_a?(String)
+          cert = OpenSSL::X509::Certificate.new(cert)
+        end
+        return cert.not_after < Time.now
+      end
+      # Interprets a ISO8601 duration value relative to a given timestamp.
+      #
+      # @param duration [String] The duration, as a string.
+      # @param timestamp [Integer] The unix timestamp we should apply the
+      #                            duration to. Optional, default to the
+      #                            current time.
+      #
+      # @return [Integer] The new timestamp, after the duration is applied.
+      #
+      def self.parse_duration(duration, timestamp=Time.now.utc)
+        matches = duration.match(DURATION_FORMAT)
+        if matches.nil?
+          raise Exception.new("Invalid ISO 8601 duration")
+        end
+        durYears = matches[2].to_i
+        durMonths = matches[3].to_i
+        durDays = matches[4].to_i
+        durHours = matches[5].to_i
+        durMinutes = matches[6].to_i
+        durSeconds = matches[7].to_f
+        durWeeks = matches[8].to_i
+        if matches[1] == "-"
+          durYears = -durYears
+          durMonths = -durMonths
+          durDays = -durDays
+          durHours = -durHours
+          durMinutes = -durMinutes
+          durSeconds = -durSeconds
+          durWeeks = -durWeeks
+        end
+        initial_datetime = Time.at(timestamp).utc.to_datetime
+        final_datetime = initial_datetime.next_year(durYears)
+        final_datetime = final_datetime.next_month(durMonths)
+        final_datetime = final_datetime.next_day((7*durWeeks) + durDays)
+        final_timestamp = final_datetime.to_time.utc.to_i + (durHours * 3600) + (durMinutes * 60) + durSeconds
+        return final_timestamp
+      end
       # Return a properly formatted x509 certificate
       #
@@ -22,7 +78,11 @@ module OneLogin
       #
       def self.format_cert(cert)
         # don't try to format an encoded certificate or if is empty or nil
-        return cert if cert.nil? || cert.empty? || cert.match(/\x0d/)
+        if cert.respond_to?(:ascii_only?)
+          return cert if cert.nil? || cert.empty? || !cert.ascii_only?
+        else
+          return cert if cert.nil? || cert.empty? || cert.match(/\x0d/)
+        end
         if cert.scan(/BEGIN CERTIFICATE/).length > 1
           formatted_cert = []
@@ -236,6 +296,9 @@ module OneLogin
           when 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' then cipher = OpenSSL::Cipher.new('AES-128-CBC').decrypt
           when 'http://www.w3.org/2001/04/xmlenc#aes192-cbc' then cipher = OpenSSL::Cipher.new('AES-192-CBC').decrypt
           when 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' then cipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt
+          when 'http://www.w3.org/2009/xmlenc11#aes128-gcm' then auth_cipher = OpenSSL::Cipher.new('AES-128-GCM').decrypt
+          when 'http://www.w3.org/2009/xmlenc11#aes192-gcm' then auth_cipher = OpenSSL::Cipher.new('AES-192-GCM').decrypt
+          when 'http://www.w3.org/2009/xmlenc11#aes256-gcm' then auth_cipher = OpenSSL::Cipher.new('AES-256-GCM').decrypt
           when 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' then rsa = symmetric_key
           when 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' then oaep = symmetric_key
         end
@@ -246,6 +309,16 @@ module OneLogin
           cipher.padding, cipher.key, cipher.iv = 0, symmetric_key, cipher_text[0..iv_len-1]
           assertion_plaintext = cipher.update(data)
           assertion_plaintext << cipher.final
+        elsif auth_cipher
+          iv_len, text_len, tag_len = auth_cipher.iv_len, cipher_text.length, 16
+          data = cipher_text[iv_len..text_len-1-tag_len]
+          auth_cipher.padding = 0
+          auth_cipher.key = symmetric_key
+          auth_cipher.iv = cipher_text[0..iv_len-1]
+          auth_cipher.auth_data = ''
+          auth_cipher.auth_tag = cipher_text[text_len-tag_len..-1]
+          assertion_plaintext = auth_cipher.update(data)
+          assertion_plaintext << auth_cipher.final
         elsif rsa
           rsa.private_decrypt(cipher_text)
         elsif oaep

data/lib/onelogin/ruby-saml/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module OneLogin
   module RubySaml
-    VERSION = '1.9.0'
+    VERSION = '1.12.0'
   end
 end

data/lib/xml_security.rb CHANGED Viewed

@@ -212,7 +212,7 @@ module XMLSecurity
         begin
           cert = OpenSSL::X509::Certificate.new(cert_text)
         rescue OpenSSL::X509::CertificateError => _e
-          return append_error("Certificate Error", soft)
+          return append_error("Document Certificate Error", soft)
         end
         if options[:fingerprint_alg]
@@ -224,7 +224,6 @@ module XMLSecurity
         # check cert matches registered idp cert
         if fingerprint != idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/,"").downcase
-          @errors << "Fingerprint mismatch"
           return append_error("Fingerprint mismatch", soft)
         end
       else
@@ -241,7 +240,7 @@ module XMLSecurity
       validate_signature(base64_cert, soft)
     end
-    def validate_document_with_cert(idp_cert)
+    def validate_document_with_cert(idp_cert, soft = true)
       # get cert from response
       cert_element = REXML::XPath.first(
         self,
@@ -255,12 +254,12 @@ module XMLSecurity
         begin
           cert = OpenSSL::X509::Certificate.new(cert_text)
         rescue OpenSSL::X509::CertificateError => _e
-          return append_error("Certificate Error", soft)
+          return append_error("Document Certificate Error", soft)
         end
         # check saml response cert matches provided idp cert
         if idp_cert.to_pem != cert.to_pem
-          return false
+          return append_error("Certificate of the Signature element does not match provided certificate", soft)
         end
       else
         base64_cert = Base64.encode64(idp_cert.to_pem)
@@ -326,6 +325,9 @@ module XMLSecurity
         '//ds:CanonicalizationMethod',
         { "ds" => DSIG }
       )
+      canon_algorithm = process_transforms(ref, canon_algorithm)
       canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
       digest_algorithm = algorithm(REXML::XPath.first(
@@ -342,7 +344,6 @@ module XMLSecurity
       digest_value = Base64.decode64(OneLogin::RubySaml::Utils.element_text(encoded_digest_value))
       unless digests_match?(hash, digest_value)
-        @errors << "Digest mismatch"
         return append_error("Digest mismatch", soft)
       end
@@ -360,6 +361,33 @@ module XMLSecurity
     private
+    def process_transforms(ref, canon_algorithm)
+      transforms = REXML::XPath.match(
+        ref,
+        "//ds:Transforms/ds:Transform",
+        { "ds" => DSIG }
+      )
+      transforms.each do |transform_element|
+        if transform_element.attributes && transform_element.attributes["Algorithm"]
+          algorithm = transform_element.attributes["Algorithm"]
+          case algorithm
+            when "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
+                 "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
+              canon_algorithm = Nokogiri::XML::XML_C14N_1_0
+            when "http://www.w3.org/2006/12/xml-c14n11",
+                 "http://www.w3.org/2006/12/xml-c14n11#WithComments"
+              canon_algorithm = Nokogiri::XML::XML_C14N_1_1
+            when "http://www.w3.org/2001/10/xml-exc-c14n#",
+                 "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"
+              canon_algorithm = Nokogiri::XML::XML_C14N_EXCLUSIVE_1_0
+          end
+        end
+      end
+      canon_algorithm
+    end
     def digests_match?(hash, digest_value)
       hash == digest_value
     end

data/ruby-saml.gemspec CHANGED Viewed

@@ -15,31 +15,39 @@ Gem::Specification.new do |s|
     "LICENSE",
     "README.md"
   ]
-  s.files = `git ls-files`.split("\n")
-  s.homepage = %q{http://github.com/onelogin/ruby-saml}
-  s.rubyforge_project = %q{http://www.rubygems.org/gems/ruby-saml}
+  s.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  s.homepage = %q{https://github.com/onelogin/ruby-saml}
   s.rdoc_options = ["--charset=UTF-8"]
   s.require_paths = ["lib"]
   s.rubygems_version = %q{1.3.7}
   s.required_ruby_version = '>= 1.8.7'
   s.summary = %q{SAML Ruby Tookit}
-  s.test_files = `git ls-files test/*`.split("\n")
   # Because runtime dependencies are determined at build time, we cannot make
   # Nokogiri's version dependent on the Ruby version, even though we would
   # have liked to constrain Ruby 1.8.7 to install only the 1.5.x versions.
   if defined?(JRUBY_VERSION)
-    s.add_runtime_dependency('nokogiri', '>= 1.6.0')
-    s.add_runtime_dependency('jruby-openssl', '>= 0.9.8') if JRUBY_VERSION < '9.2.0.0'
+    if JRUBY_VERSION < '9.2.0.0'
+      s.add_runtime_dependency('nokogiri', '>= 1.8.2', '<= 1.8.5')
+      s.add_runtime_dependency('jruby-openssl', '>= 0.9.8')
+      s.add_runtime_dependency('json', '< 2.3.0')
+    else
+      s.add_runtime_dependency('nokogiri', '>= 1.8.2')
+    end
   elsif RUBY_VERSION < '1.9'
     s.add_runtime_dependency('uuid')
     s.add_runtime_dependency('nokogiri', '<= 1.5.11')
   elsif RUBY_VERSION < '2.1'
     s.add_runtime_dependency('nokogiri', '>= 1.5.10', '<= 1.6.8.1')
+    s.add_runtime_dependency('json', '< 2.3.0')
+  elsif RUBY_VERSION < '2.3'
+    s.add_runtime_dependency('nokogiri', '>= 1.9.1', '<= 1.10.0')
   else
-    s.add_runtime_dependency('nokogiri', '>= 1.5.10')
+    s.add_runtime_dependency('nokogiri', '>= 1.10.5')
+    s.add_runtime_dependency('rexml')
   end
+  s.add_development_dependency('coveralls')
   s.add_development_dependency('minitest', '~> 5.5')
   s.add_development_dependency('mocha',    '~> 0.14')
   s.add_development_dependency('rake',     '~> 10')

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-saml
 version: !ruby/object:Gem::Version
-  version: 1.9.0
+  version: 1.12.0
 platform: ruby
 authors:
 - OneLogin LLC
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-09-03 00:00:00.000000000 Z
+date: 2021-02-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -16,14 +16,42 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.5.10
+        version: 1.10.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.5.10
+        version: 1.10.5
+- !ruby/object:Gem::Dependency
+  name: rexml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -166,6 +194,7 @@ files:
 - lib/onelogin/ruby-saml/metadata.rb
 - lib/onelogin/ruby-saml/response.rb
 - lib/onelogin/ruby-saml/saml_message.rb
+- lib/onelogin/ruby-saml/setting_error.rb
 - lib/onelogin/ruby-saml/settings.rb
 - lib/onelogin/ruby-saml/slo_logoutrequest.rb
 - lib/onelogin/ruby-saml/slo_logoutresponse.rb
@@ -187,142 +216,7 @@ files:
 - lib/schemas/xmldsig-core-schema.xsd
 - lib/xml_security.rb
 - ruby-saml.gemspec
-- test/certificates/certificate1
-- test/certificates/certificate_without_head_foot
-- test/certificates/formatted_certificate
-- test/certificates/formatted_chained_certificate
-- test/certificates/formatted_private_key
-- test/certificates/formatted_rsa_private_key
-- test/certificates/invalid_certificate1
-- test/certificates/invalid_certificate2
-- test/certificates/invalid_certificate3
-- test/certificates/invalid_chained_certificate1
-- test/certificates/invalid_private_key1
-- test/certificates/invalid_private_key2
-- test/certificates/invalid_private_key3
-- test/certificates/invalid_rsa_private_key1
-- test/certificates/invalid_rsa_private_key2
-- test/certificates/invalid_rsa_private_key3
-- test/certificates/ruby-saml-2.crt
-- test/certificates/ruby-saml.crt
-- test/certificates/ruby-saml.key
-- test/idp_metadata_parser_test.rb
-- test/logging_test.rb
-- test/logout_requests/invalid_slo_request.xml
-- test/logout_requests/slo_request.xml
-- test/logout_requests/slo_request.xml.base64
-- test/logout_requests/slo_request_deflated.xml.base64
-- test/logout_requests/slo_request_with_name_id_format.xml
-- test/logout_requests/slo_request_with_session_index.xml
-- test/logout_responses/logoutresponse_fixtures.rb
-- test/logoutrequest_test.rb
-- test/logoutresponse_test.rb
-- test/metadata/idp_descriptor.xml
-- test/metadata/idp_descriptor_2.xml
-- test/metadata/idp_descriptor_3.xml
-- test/metadata/idp_descriptor_4.xml
-- test/metadata/idp_metadata_different_sign_and_encrypt_cert.xml
-- test/metadata/idp_metadata_multi_certs.xml
-- test/metadata/idp_metadata_multi_signing_certs.xml
-- test/metadata/idp_metadata_same_sign_and_encrypt_cert.xml
-- test/metadata/idp_multiple_descriptors.xml
-- test/metadata/no_idp_descriptor.xml
-- test/metadata_test.rb
-- test/request_test.rb
-- test/response_test.rb
-- test/responses/adfs_response_sha1.xml
-- test/responses/adfs_response_sha256.xml
-- test/responses/adfs_response_sha384.xml
-- test/responses/adfs_response_sha512.xml
-- test/responses/adfs_response_xmlns.xml
-- test/responses/attackxee.xml
-- test/responses/invalids/duplicated_attributes.xml.base64
-- test/responses/invalids/empty_destination.xml.base64
-- test/responses/invalids/empty_nameid.xml.base64
-- test/responses/invalids/encrypted_new_attack.xml.base64
-- test/responses/invalids/invalid_audience.xml.base64
-- test/responses/invalids/invalid_issuer_assertion.xml.base64
-- test/responses/invalids/invalid_issuer_message.xml.base64
-- test/responses/invalids/invalid_signature_position.xml.base64
-- test/responses/invalids/invalid_subjectconfirmation_inresponse.xml.base64
-- test/responses/invalids/invalid_subjectconfirmation_nb.xml.base64
-- test/responses/invalids/invalid_subjectconfirmation_noa.xml.base64
-- test/responses/invalids/invalid_subjectconfirmation_recipient.xml.base64
-- test/responses/invalids/multiple_assertions.xml.base64
-- test/responses/invalids/multiple_signed.xml.base64
-- test/responses/invalids/no_authnstatement.xml.base64
-- test/responses/invalids/no_conditions.xml.base64
-- test/responses/invalids/no_id.xml.base64
-- test/responses/invalids/no_issuer_assertion.xml.base64
-- test/responses/invalids/no_issuer_response.xml.base64
-- test/responses/invalids/no_nameid.xml.base64
-- test/responses/invalids/no_saml2.xml.base64
-- test/responses/invalids/no_signature.xml.base64
-- test/responses/invalids/no_status.xml.base64
-- test/responses/invalids/no_status_code.xml.base64
-- test/responses/invalids/no_subjectconfirmation_data.xml.base64
-- test/responses/invalids/no_subjectconfirmation_method.xml.base64
-- test/responses/invalids/response_invalid_signed_element.xml.base64
-- test/responses/invalids/response_with_concealed_signed_assertion.xml
-- test/responses/invalids/response_with_doubled_signed_assertion.xml
-- test/responses/invalids/signature_wrapping_attack.xml.base64
-- test/responses/invalids/status_code_responder.xml.base64
-- test/responses/invalids/status_code_responer_and_msg.xml.base64
-- test/responses/invalids/wrong_spnamequalifier.xml.base64
-- test/responses/no_signature_ns.xml
-- test/responses/open_saml_response.xml
-- test/responses/response_assertion_wrapped.xml.base64
-- test/responses/response_audience_self_closed_tag.xml.base64
-- test/responses/response_double_status_code.xml.base64
-- test/responses/response_encrypted_attrs.xml.base64
-- test/responses/response_encrypted_nameid.xml.base64
-- test/responses/response_eval.xml
-- test/responses/response_no_cert_and_encrypted_attrs.xml
-- test/responses/response_node_text_attack.xml.base64
-- test/responses/response_node_text_attack2.xml.base64
-- test/responses/response_node_text_attack3.xml.base64
-- test/responses/response_unsigned_xml_base64
-- test/responses/response_with_ampersands.xml
-- test/responses/response_with_ampersands.xml.base64
-- test/responses/response_with_ds_namespace_at_the_root.xml.base64
-- test/responses/response_with_multiple_attribute_statements.xml
-- test/responses/response_with_multiple_attribute_values.xml
-- test/responses/response_with_retrieval_method.xml
-- test/responses/response_with_saml2_namespace.xml.base64
-- test/responses/response_with_signed_assertion.xml.base64
-- test/responses/response_with_signed_assertion_2.xml.base64
-- test/responses/response_with_signed_assertion_3.xml
-- test/responses/response_with_signed_message_and_assertion.xml
-- test/responses/response_with_undefined_recipient.xml.base64
-- test/responses/response_without_attributes.xml.base64
-- test/responses/response_without_reference_uri.xml.base64
-- test/responses/response_wrapped.xml.base64
-- test/responses/signed_message_encrypted_signed_assertion.xml.base64
-- test/responses/signed_message_encrypted_unsigned_assertion.xml.base64
-- test/responses/signed_nameid_in_atts.xml
-- test/responses/signed_unqual_nameid_in_atts.xml
-- test/responses/simple_saml_php.xml
-- test/responses/starfield_response.xml.base64
-- test/responses/test_sign.xml
-- test/responses/unsigned_encrypted_adfs.xml
-- test/responses/unsigned_message_aes128_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_aes192_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_aes256_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_des192_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_encrypted_assertion_without_saml_namespace.xml.base64
-- test/responses/unsigned_message_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_encrypted_unsigned_assertion.xml.base64
-- test/responses/valid_response.xml.base64
-- test/responses/valid_response_with_formatted_x509certificate.xml.base64
-- test/responses/valid_response_without_x509certificate.xml.base64
-- test/saml_message_test.rb
-- test/settings_test.rb
-- test/slo_logoutrequest_test.rb
-- test/slo_logoutresponse_test.rb
-- test/test_helper.rb
-- test/utils_test.rb
-- test/xml_security_test.rb
-homepage: http://github.com/onelogin/ruby-saml
+homepage: https://github.com/onelogin/ruby-saml
 licenses:
 - MIT
 metadata: {}
@@ -342,144 +236,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: http://www.rubygems.org/gems/ruby-saml
-rubygems_version: 2.4.8
+rubygems_version: 3.0.8
 signing_key:
 specification_version: 4
 summary: SAML Ruby Tookit
-test_files:
-- test/certificates/certificate1
-- test/certificates/certificate_without_head_foot
-- test/certificates/formatted_certificate
-- test/certificates/formatted_chained_certificate
-- test/certificates/formatted_private_key
-- test/certificates/formatted_rsa_private_key
-- test/certificates/invalid_certificate1
-- test/certificates/invalid_certificate2
-- test/certificates/invalid_certificate3
-- test/certificates/invalid_chained_certificate1
-- test/certificates/invalid_private_key1
-- test/certificates/invalid_private_key2
-- test/certificates/invalid_private_key3
-- test/certificates/invalid_rsa_private_key1
-- test/certificates/invalid_rsa_private_key2
-- test/certificates/invalid_rsa_private_key3
-- test/certificates/ruby-saml-2.crt
-- test/certificates/ruby-saml.crt
-- test/certificates/ruby-saml.key
-- test/idp_metadata_parser_test.rb
-- test/logging_test.rb
-- test/logout_requests/invalid_slo_request.xml
-- test/logout_requests/slo_request.xml
-- test/logout_requests/slo_request.xml.base64
-- test/logout_requests/slo_request_deflated.xml.base64
-- test/logout_requests/slo_request_with_name_id_format.xml
-- test/logout_requests/slo_request_with_session_index.xml
-- test/logout_responses/logoutresponse_fixtures.rb
-- test/logoutrequest_test.rb
-- test/logoutresponse_test.rb
-- test/metadata/idp_descriptor.xml
-- test/metadata/idp_descriptor_2.xml
-- test/metadata/idp_descriptor_3.xml
-- test/metadata/idp_descriptor_4.xml
-- test/metadata/idp_metadata_different_sign_and_encrypt_cert.xml
-- test/metadata/idp_metadata_multi_certs.xml
-- test/metadata/idp_metadata_multi_signing_certs.xml
-- test/metadata/idp_metadata_same_sign_and_encrypt_cert.xml
-- test/metadata/idp_multiple_descriptors.xml
-- test/metadata/no_idp_descriptor.xml
-- test/metadata_test.rb
-- test/request_test.rb
-- test/response_test.rb
-- test/responses/adfs_response_sha1.xml
-- test/responses/adfs_response_sha256.xml
-- test/responses/adfs_response_sha384.xml
-- test/responses/adfs_response_sha512.xml
-- test/responses/adfs_response_xmlns.xml
-- test/responses/attackxee.xml
-- test/responses/invalids/duplicated_attributes.xml.base64
-- test/responses/invalids/empty_destination.xml.base64
-- test/responses/invalids/empty_nameid.xml.base64
-- test/responses/invalids/encrypted_new_attack.xml.base64
-- test/responses/invalids/invalid_audience.xml.base64
-- test/responses/invalids/invalid_issuer_assertion.xml.base64
-- test/responses/invalids/invalid_issuer_message.xml.base64
-- test/responses/invalids/invalid_signature_position.xml.base64
-- test/responses/invalids/invalid_subjectconfirmation_inresponse.xml.base64
-- test/responses/invalids/invalid_subjectconfirmation_nb.xml.base64
-- test/responses/invalids/invalid_subjectconfirmation_noa.xml.base64
-- test/responses/invalids/invalid_subjectconfirmation_recipient.xml.base64
-- test/responses/invalids/multiple_assertions.xml.base64
-- test/responses/invalids/multiple_signed.xml.base64
-- test/responses/invalids/no_authnstatement.xml.base64
-- test/responses/invalids/no_conditions.xml.base64
-- test/responses/invalids/no_id.xml.base64
-- test/responses/invalids/no_issuer_assertion.xml.base64
-- test/responses/invalids/no_issuer_response.xml.base64
-- test/responses/invalids/no_nameid.xml.base64
-- test/responses/invalids/no_saml2.xml.base64
-- test/responses/invalids/no_signature.xml.base64
-- test/responses/invalids/no_status.xml.base64
-- test/responses/invalids/no_status_code.xml.base64
-- test/responses/invalids/no_subjectconfirmation_data.xml.base64
-- test/responses/invalids/no_subjectconfirmation_method.xml.base64
-- test/responses/invalids/response_invalid_signed_element.xml.base64
-- test/responses/invalids/response_with_concealed_signed_assertion.xml
-- test/responses/invalids/response_with_doubled_signed_assertion.xml
-- test/responses/invalids/signature_wrapping_attack.xml.base64
-- test/responses/invalids/status_code_responder.xml.base64
-- test/responses/invalids/status_code_responer_and_msg.xml.base64
-- test/responses/invalids/wrong_spnamequalifier.xml.base64
-- test/responses/no_signature_ns.xml
-- test/responses/open_saml_response.xml
-- test/responses/response_assertion_wrapped.xml.base64
-- test/responses/response_audience_self_closed_tag.xml.base64
-- test/responses/response_double_status_code.xml.base64
-- test/responses/response_encrypted_attrs.xml.base64
-- test/responses/response_encrypted_nameid.xml.base64
-- test/responses/response_eval.xml
-- test/responses/response_no_cert_and_encrypted_attrs.xml
-- test/responses/response_node_text_attack.xml.base64
-- test/responses/response_node_text_attack2.xml.base64
-- test/responses/response_node_text_attack3.xml.base64
-- test/responses/response_unsigned_xml_base64
-- test/responses/response_with_ampersands.xml
-- test/responses/response_with_ampersands.xml.base64
-- test/responses/response_with_ds_namespace_at_the_root.xml.base64
-- test/responses/response_with_multiple_attribute_statements.xml
-- test/responses/response_with_multiple_attribute_values.xml
-- test/responses/response_with_retrieval_method.xml
-- test/responses/response_with_saml2_namespace.xml.base64
-- test/responses/response_with_signed_assertion.xml.base64
-- test/responses/response_with_signed_assertion_2.xml.base64
-- test/responses/response_with_signed_assertion_3.xml
-- test/responses/response_with_signed_message_and_assertion.xml
-- test/responses/response_with_undefined_recipient.xml.base64
-- test/responses/response_without_attributes.xml.base64
-- test/responses/response_without_reference_uri.xml.base64
-- test/responses/response_wrapped.xml.base64
-- test/responses/signed_message_encrypted_signed_assertion.xml.base64
-- test/responses/signed_message_encrypted_unsigned_assertion.xml.base64
-- test/responses/signed_nameid_in_atts.xml
-- test/responses/signed_unqual_nameid_in_atts.xml
-- test/responses/simple_saml_php.xml
-- test/responses/starfield_response.xml.base64
-- test/responses/test_sign.xml
-- test/responses/unsigned_encrypted_adfs.xml
-- test/responses/unsigned_message_aes128_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_aes192_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_aes256_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_des192_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_encrypted_assertion_without_saml_namespace.xml.base64
-- test/responses/unsigned_message_encrypted_signed_assertion.xml.base64
-- test/responses/unsigned_message_encrypted_unsigned_assertion.xml.base64
-- test/responses/valid_response.xml.base64
-- test/responses/valid_response_with_formatted_x509certificate.xml.base64
-- test/responses/valid_response_without_x509certificate.xml.base64
-- test/saml_message_test.rb
-- test/settings_test.rb
-- test/slo_logoutrequest_test.rb
-- test/slo_logoutresponse_test.rb
-- test/test_helper.rb
-- test/utils_test.rb
-- test/xml_security_test.rb
+test_files: []