ruby-saml 0.4.4 → 0.4.5

data/Rakefile

@@ -10,7 +10,7 @@ begin
     gem.email = "support@onelogin.com"
     gem.homepage = "http://github.com/onelogin/ruby-saml"
     gem.authors = ["OneLogin LLC"]
-    gem.add_dependency("xmlcanonicalizer","~> 0.1")
+    gem.add_dependency("canonix","~> 0.1")
     gem.add_dependency("uuid","~> 2.3")
     gem.add_development_dependency "shoulda"
     gem.add_development_dependency "mocha"

data/VERSION

@@ -1 +1 @@
-0.4.4
+0.4.5

data/lib/onelogin/saml/response.rb

@@ -8,13 +8,11 @@ module Onelogin::Saml
     DSIG      = "http://www.w3.org/2000/09/xmldsig#"
 
     attr_accessor :response, :document, :logger, :settings, :original
-    attr_accessor :bypass_conditions_check # for testing only
 
     def initialize(response)
       raise ArgumentError.new("Response cannot be nil") if response.nil?
-      self.bypass_conditions_check  = false
-      self.response                 = response
-      self.document                 = XMLSecurity::SignedDocument.new(Base64.decode64(response))
+      self.response = response
+      self.document = XMLSecurity::SignedDocument.new(Base64.decode64(response))
     end
 
     def is_valid?
@@ -35,12 +33,14 @@ module Onelogin::Saml
     end
 
     def check_conditions
-      return true if self.bypass_conditions_check
+      return true if conditions.nil?
+
+      not_before = parse_time(conditions, "NotBefore")
+      return false if not_before && Time.now.utc < not_before
+
+      not_on_or_after = parse_time(conditions, "NotOnOrAfter")
+      return false if not_on_or_after && Time.now.utc >= not_on_or_after
 
-      cond_element = REXML::XPath.first(document,"/p:Response/a:Assertion[@ID='#{document.signed_element_id[1,document.signed_element_id.size]}']/a:Conditions", { "p" => PROTOCOL, "a" => ASSERTION })
-      return true unless cond_element
-      return false if cond_element.attribute('NotBefore') and Time.now.utc < parseXsDateTime(cond_element.attribute('NotBefore'))
-      return false if cond_element.attribute('NotOnOrAfter') and Time.now.utc >= parseXsDateTime(cond_element.attribute('NotOnOrAfter'))
       true
     end
 
@@ -71,15 +71,23 @@ module Onelogin::Saml
     def session_expires_at
       @expires_at ||= begin
         node = REXML::XPath.first(document, "/p:Response/a:Assertion/a:AuthnStatement", { "p" => PROTOCOL, "a" => ASSERTION })
-        Time.parse(node.attributes["SessionNotOnOrAfter"]) if node && node.attributes["SessionNotOnOrAfter"]
+        parse_time(node, "SessionNotOnOrAfter")
+      end
+    end
+
+    # Conditions (if any) for the assertion to run
+    def conditions
+      @conditions ||= begin
+        REXML::XPath.first(document, "/p:Response/a:Assertion[@ID='#{document.signed_element_id[1,document.signed_element_id.size]}']/a:Conditions", { "p" => PROTOCOL, "a" => ASSERTION })
       end
     end
 
     private
 
-    def parseXsDateTime(xsDatetime)
-      return nil unless xsDatetime.to_s =~ /^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})Z$/
-      Time.utc($1, $2, $3, $4, $5, $6)
+    def parse_time(node, attribute)
+      if node && node.attributes[attribute]
+        Time.parse(node.attributes[attribute])
+      end
     end
   end
-end
+end

data/lib/xml_security.rb

@@ -43,13 +43,13 @@ module XMLSecurity
 
     def validate (idp_cert_fingerprint, logger = nil)
       # get cert from response
-      base64_cert             = self.elements["//ds:X509Certificate"].text
-      cert_text               = Base64.decode64(base64_cert)
-      cert                    = OpenSSL::X509::Certificate.new(cert_text)
+      base64_cert = self.elements["//ds:X509Certificate"].text
+      cert_text   = Base64.decode64(base64_cert)
+      cert        = OpenSSL::X509::Certificate.new(cert_text)
 
       # check cert matches registered idp cert
-      fingerprint             = Digest::SHA1.hexdigest(cert.to_der)
-      valid_flag              = fingerprint == idp_cert_fingerprint.gsub(":", "").downcase
+      fingerprint = Digest::SHA1.hexdigest(cert.to_der)
+      valid_flag  = fingerprint == idp_cert_fingerprint.gsub(/[^a-zA-Z0-9]/,"").downcase
 
       return valid_flag if !valid_flag
 

data/ruby-saml.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{ruby-saml}
-  s.version = "0.4.4"
+  s.version = "0.4.5"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["OneLogin LLC"]
-  s.date = %q{2011-06-10}
+  s.date = %q{2011-06-17}
   s.description = %q{SAML toolkit for Ruby on Rails}
   s.email = %q{support@onelogin.com}
   s.extra_rdoc_files = [
@@ -35,6 +35,7 @@ Gem::Specification.new do |s|
      "test/responses/response2.xml.base64",
      "test/responses/response3.xml.base64",
      "test/responses/response4.xml.base64",
+     "test/responses/response5.xml.base64",
      "test/ruby-saml_test.rb",
      "test/test_helper.rb",
      "test/xml_security_test.rb"
@@ -55,18 +56,18 @@ Gem::Specification.new do |s|
     s.specification_version = 3
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<xmlcanonicalizer>, ["~> 0.1"])
+      s.add_runtime_dependency(%q<canonix>, ["~> 0.1"])
       s.add_runtime_dependency(%q<uuid>, ["~> 2.3"])
       s.add_development_dependency(%q<shoulda>, [">= 0"])
       s.add_development_dependency(%q<mocha>, [">= 0"])
     else
-      s.add_dependency(%q<xmlcanonicalizer>, ["~> 0.1"])
+      s.add_dependency(%q<canonix>, ["~> 0.1"])
       s.add_dependency(%q<uuid>, ["~> 2.3"])
       s.add_dependency(%q<shoulda>, [">= 0"])
       s.add_dependency(%q<mocha>, [">= 0"])
     end
   else
-    s.add_dependency(%q<xmlcanonicalizer>, ["~> 0.1"])
+    s.add_dependency(%q<canonix>, ["~> 0.1"])
     s.add_dependency(%q<uuid>, ["~> 2.3"])
     s.add_dependency(%q<shoulda>, [">= 0"])
     s.add_dependency(%q<mocha>, [">= 0"])

data/test/responses/response5.xml.base64

@@ -0,0 +1,102 @@
+PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHNhbWwy
+cDpSZXNwb25zZSB4bWxuczpzYW1sMnA9InVybjpvYXNpczpuYW1lczp0YzpT
+QU1MOjIuMDpwcm90b2NvbCIKICAgICAgICAgICAgICAgICBEZXN0aW5hdGlv
+bj0iaHR0cHM6Ly9leGFtcGxlc2FtbC5mb29ibGUuY29tL2FjY2Vzcy9zYW1s
+IiBJRD0iaWQ0MzUwMDE5MDE0NzE3NzIxMDMwODIzNjI0IgogICAgICAgICAg
+ICAgICAgIElzc3VlSW5zdGFudD0iMjAxMS0wNi0xNFQxODoyNjowMS41MTVa
+IiBWZXJzaW9uPSIyLjAiPgogICAgPHNhbWwyOklzc3VlciB4bWxuczpzYW1s
+Mj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIKICAg
+ICAgICAgICAgICAgICAgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FN
+TDoyLjA6bmFtZWlkLWZvcm1hdDplbnRpdHkiPmV4YW1wbGUKICAgIDwvc2Ft
+bDI6SXNzdWVyPgogICAgPHNhbWwycDpTdGF0dXMgeG1sbnM6c2FtbDJwPSJ1
+cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiPgogICAgICAg
+IDxzYW1sMnA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRj
+OlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+CiAgICA8L3NhbWwycDpTdGF0
+dXM+CiAgICA8c2FtbDI6QXNzZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2Fz
+aXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iaWQ0MzUwMDE5
+MDE2NzIzNzcxNTg0NjA0NzQiCiAgICAgICAgICAgICAgICAgICAgIElzc3Vl
+SW5zdGFudD0iMjAxMS0wNi0xNFQxODoyNjowMS41MTVaIiBWZXJzaW9uPSIy
+LjAiPgogICAgICAgIDxzYW1sMjpJc3N1ZXIgRm9ybWF0PSJ1cm46b2FzaXM6
+bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDplbnRpdHkiCiAgICAg
+ICAgICAgICAgICAgICAgICB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVz
+OnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+ZXhhbXBsZQogICAgICAgIDwvc2Ft
+bDI6SXNzdWVyPgogICAgICAgIDxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0
+dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogICAgICAgICAg
+ICA8ZHM6U2lnbmVkSW5mbyB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcv
+MjAwMC8wOS94bWxkc2lnIyI+CiAgICAgICAgICAgICAgICA8ZHM6Q2Fub25p
+Y2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3Jn
+LzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIKICAgICAgICAgICAgICAgICAgICAg
+ICAgICAgICAgICAgICAgICAgICAgIHhtbG5zOmRzPSJodHRwOi8vd3d3Lncz
+Lm9yZy8yMDAwLzA5L3htbGRzaWcjIi8+CiAgICAgICAgICAgICAgICA8ZHM6
+U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcv
+MjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIgogICAgICAgICAgICAgICAgICAg
+ICAgICAgICAgICAgICAgICB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcv
+MjAwMC8wOS94bWxkc2lnIyIvPgogICAgICAgICAgICAgICAgPGRzOlJlZmVy
+ZW5jZSBVUkk9IiNpZDQzNTAwMTkwMTY3MjM3NzE1ODQ2MDQ3NCIgeG1sbnM6
+ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogICAg
+ICAgICAgICAgICAgICAgIDxkczpUcmFuc2Zvcm1zIHhtbG5zOmRzPSJodHRw
+Oi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KICAgICAgICAgICAg
+ICAgICAgICAgICAgPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93
+d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJl
+IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHhtbG5z
+OmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIi8+CiAg
+ICAgICAgICAgICAgICAgICAgICAgIDxkczpUcmFuc2Zvcm0gQWxnb3JpdGht
+PSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiCiAg
+ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeG1sbnM6ZHM9
+Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogICAgICAg
+ICAgICAgICAgICAgICAgICAgICAgPGVjOkluY2x1c2l2ZU5hbWVzcGFjZXMg
+eG1sbnM6ZWM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1j
+MTRuIyIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
+ICAgICAgICAgICAgIFByZWZpeExpc3Q9ImRzIHNhbWwyIi8+CiAgICAgICAg
+ICAgICAgICAgICAgICAgIDwvZHM6VHJhbnNmb3JtPgogICAgICAgICAgICAg
+ICAgICAgIDwvZHM6VHJhbnNmb3Jtcz4KICAgICAgICAgICAgICAgICAgICA8
+ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcv
+MjAwMC8wOS94bWxkc2lnI3NoYTEiCiAgICAgICAgICAgICAgICAgICAgICAg
+ICAgICAgICAgICAgICB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAw
+MC8wOS94bWxkc2lnIyIvPgogICAgICAgICAgICAgICAgICAgIDxkczpEaWdl
+c3RWYWx1ZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94
+bWxkc2lnIyI+c3R1ZmZpZ0wyeTAybVBXUWxHSU9sbz0KICAgICAgICAgICAg
+ICAgICAgICA8L2RzOkRpZ2VzdFZhbHVlPgogICAgICAgICAgICAgICAgPC9k
+czpSZWZlcmVuY2U+CiAgICAgICAgICAgIDwvZHM6U2lnbmVkSW5mbz4KICAg
+ICAgICAgICAgPGRzOlNpZ25hdHVyZVZhbHVlIHhtbG5zOmRzPSJodHRwOi8v
+d3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KICAgICAgICAgICAgICAg
+IE85REFPSWVFazFYbFgyWVZkaHFVemd4amJBam9XQjdnam1VQmtWdlRFb1dO
+akYrK2QvcnVFWkFicnVHMXhtblR2VHJ4TXN0S08wRmYKICAgICAgICAgICAg
+ICAgIDk0VVAyN05yeWM1OExmZlF0dzhEVXQ0WVNtR3k5OFM3aFVqS28yeTcy
+VTdPQVp1TnJoV0JYcTZodEc0ZzBJNDk4MTNkSWROS2xkS2QKICAgICAgICAg
+ICAgICAgIGJMSitRMTJIbEM1aUtUWG9pQjQ9CiAgICAgICAgICAgIDwvZHM6
+U2lnbmF0dXJlVmFsdWU+CiAgICAgICAgICAgIDxkczpLZXlJbmZvPgogICAg
+ICAgICAgICAgICAgPGRzOlg1MDlEYXRhPgogICAgICAgICAgICAgICAgICAg
+IDxkczpYNTA5Q2VydGlmaWNhdGU+CiAgICAgICAgICAgICAgICAgICAgICAg
+IHN0dWZmLzZwTW9Mc2NaaDJHTUsrVkE9PQogICAgICAgICAgICAgICAgICAg
+IDwvZHM6WDUwOUNlcnRpZmljYXRlPgogICAgICAgICAgICAgICAgPC9kczpY
+NTA5RGF0YT4KICAgICAgICAgICAgPC9kczpLZXlJbmZvPgogICAgICAgIDwv
+ZHM6U2lnbmF0dXJlPgogICAgICAgIDxzYW1sMjpTdWJqZWN0IHhtbG5zOnNh
+bWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj4K
+ICAgICAgICAgICAgPHNhbWwyOk5hbWVJRD5zb21lb25lLmV4YW1wbGVAZ21h
+aWwuY29tPC9zYW1sMjpOYW1lSUQ+CiAgICAgICAgICAgIDxzYW1sMjpTdWJq
+ZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNB
+TUw6Mi4wOmNtOmJlYXJlciI+CiAgICAgICAgICAgICAgICA8c2FtbDI6U3Vi
+amVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDExLTA2LTE0
+VDE4OjMxOjAxLjUxNloiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
+ICAgICAgICAgICAgICAgICAgUmVjaXBpZW50PSJodHRwczovL2V4YW1wbGVz
+YW1sLmZvb2JsZS5jb20vYWNjZXNzL3NhbWwvIi8+CiAgICAgICAgICAgIDwv
+c2FtbDI6U3ViamVjdENvbmZpcm1hdGlvbj4KICAgICAgICA8L3NhbWwyOlN1
+YmplY3Q+CiAgICAgICAgPHNhbWwyOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIy
+MDExLTA2LTE0VDE4OjIxOjAxLjUxNloiIE5vdE9uT3JBZnRlcj0iMjAxMS0w
+Ni0xNFQxODozMTowMS41MTZaIgogICAgICAgICAgICAgICAgICAgICAgICAg
+IHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNz
+ZXJ0aW9uIj4KICAgICAgICAgICAgPHNhbWwyOkF1ZGllbmNlUmVzdHJpY3Rp
+b24+CiAgICAgICAgICAgICAgICA8c2FtbDI6QXVkaWVuY2U+Zm9vYmxlLmNv
+bTwvc2FtbDI6QXVkaWVuY2U+CiAgICAgICAgICAgIDwvc2FtbDI6QXVkaWVu
+Y2VSZXN0cmljdGlvbj4KICAgICAgICA8L3NhbWwyOkNvbmRpdGlvbnM+CiAg
+ICAgICAgPHNhbWwyOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAx
+MS0wNi0xNFQxODoyNjowMS41MTVaIgogICAgICAgICAgICAgICAgICAgICAg
+ICAgICAgICB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6
+Mi4wOmFzc2VydGlvbiI+CiAgICAgICAgICAgIDxzYW1sMjpBdXRobkNvbnRl
+eHQ+CiAgICAgICAgICAgICAgICA8c2FtbDI6QXV0aG5Db250ZXh0Q2xhc3NS
+ZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFz
+c3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQKICAgICAgICAgICAgICAgIDwvc2Ft
+bDI6QXV0aG5Db250ZXh0Q2xhc3NSZWY+CiAgICAgICAgICAgIDwvc2FtbDI6
+QXV0aG5Db250ZXh0PgogICAgICAgIDwvc2FtbDI6QXV0aG5TdGF0ZW1lbnQ+
+CiAgICA8L3NhbWwyOkFzc2VydGlvbj4KPC9zYW1sMnA6UmVzcG9uc2U+

data/test/ruby-saml_test.rb

@@ -1,4 +1,4 @@
-require 'test_helper'
+require File.expand_path(File.join(File.dirname(__FILE__), "test_helper"))
 
 class RubySamlTest < Test::Unit::TestCase
 
@@ -39,13 +39,6 @@ class RubySamlTest < Test::Unit::TestCase
       assert !response.name_id.nil?
     end
 
-    should "check time conditions" do
-      response = Onelogin::Saml::Response.new(response_document)
-      assert !response.check_conditions
-      response = Onelogin::Saml::Response.new(response_document_5)
-      assert response.check_conditions
-    end
-
     context "#is_valid?" do
       should "return false when response is initialized with blank data" do
         response = Onelogin::Saml::Response.new('')
@@ -59,7 +52,7 @@ class RubySamlTest < Test::Unit::TestCase
 
       should "return true when the response is initialized with valid data" do
         response = Onelogin::Saml::Response.new(response_document_4)
-        response.bypass_conditions_check = true
+        response.expects(:check_conditions).returns(true)
         assert !response.is_valid?
         settings = Onelogin::Saml::Settings.new
         assert !response.is_valid?
@@ -71,7 +64,7 @@ class RubySamlTest < Test::Unit::TestCase
 
       should "not allow signature wrapping attack" do
         response = Onelogin::Saml::Response.new(response_document_4)
-        response.bypass_conditions_check = true
+        response.expects(:check_conditions).returns(true)
         settings = Onelogin::Saml::Settings.new
         settings.idp_cert_fingerprint = signature_fingerprint_1
         response.settings = settings
@@ -90,6 +83,19 @@ class RubySamlTest < Test::Unit::TestCase
       end
     end
 
+    context "#check_conditions" do
+      should "check time conditions" do
+        response = Onelogin::Saml::Response.new(response_document)
+        assert !response.check_conditions
+        response = Onelogin::Saml::Response.new(response_document_6)
+        assert response.check_conditions
+        time     = Time.parse("2011-06-14T18:25:01.516Z")
+        Time.stubs(:now).returns(time)
+        response = Onelogin::Saml::Response.new(response_document_5)
+        assert response.check_conditions
+      end
+    end
+
     context "#attributes" do
       should "extract the first attribute in a hash accessed via its symbol" do
         response = Onelogin::Saml::Response.new(response_document)
@@ -130,12 +136,20 @@ class RubySamlTest < Test::Unit::TestCase
   end
 
   context "Authrequest" do
-    should "create the SAMLRequest URL parameter" do
+    should "create the deflated SAMLRequest URL parameter" do
       settings = Onelogin::Saml::Settings.new
       settings.idp_sso_target_url = "http://stuff.com"
       auth_url = Onelogin::Saml::Authrequest.new.create(settings)
       assert auth_url =~ /^http:\/\/stuff\.com\?SAMLRequest=/
-      payload = CGI.unescape(auth_url.split("=").last)
+      payload  = CGI.unescape(auth_url.split("=").last)
+      decoded  = Base64.decode64(payload)
+
+      zstream  = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+      inflated = zstream.inflate(decoded)
+      zstream.finish
+      zstream.close
+
+      assert_match /^<samlp:AuthnRequest/, inflated
     end
 
     should "accept extra parameters" do

data/test/test_helper.rb

@@ -23,14 +23,18 @@ class Test::Unit::TestCase
   def response_document_4
     @response_document4 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response4.xml.base64'))
   end
-  
+
   def response_document_5
+    @response_document5 ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response5.xml.base64'))
+  end
+
+  def response_document_6
     doc = Base64.decode64(response_document)
     doc.gsub!(/NotBefore=\"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})Z\"/, "NotBefore=\"#{(Time.now-300).getutc.strftime("%Y-%m-%dT%XZ")}\"")
     doc.gsub!(/NotOnOrAfter=\"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})Z\"/, "NotOnOrAfter=\"#{(Time.now+300).getutc.strftime("%Y-%m-%dT%XZ")}\"")
     Base64.encode64(doc)
   end
-  
+
   def signature_fingerprint_1
     @signature_fingerprint1 ||= "C5:19:85:D9:47:F1:BE:57:08:20:25:05:08:46:EB:27:F6:CA:B7:83"
   end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: ruby-saml
 version: !ruby/object:Gem::Version 
-  hash: 7
+  hash: 5
   prerelease: false
   segments: 
   - 0
   - 4
-  - 4
-  version: 0.4.4
+  - 5
+  version: 0.4.5
 platform: ruby
 authors: 
 - OneLogin LLC
@@ -15,11 +15,11 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-06-10 00:00:00 -05:00
+date: 2011-06-17 00:00:00 +02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: xmlcanonicalizer
+  name: canonix
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
@@ -104,6 +104,7 @@ files:
 - test/responses/response2.xml.base64
 - test/responses/response3.xml.base64
 - test/responses/response4.xml.base64
+- test/responses/response5.xml.base64
 - test/ruby-saml_test.rb
 - test/test_helper.rb
 - test/xml_security_test.rb