ruby-saml 0.4.6 → 0.4.7


Potentially problematic release.



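--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.4.6
+ 0.4.7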
@@ -81,7 +81,7 @@ module Onelogin::Saml
81
81
  def validate(soft = true)
82
82
  validate_response_state(soft) &&
83
83
  validate_conditions(soft) &&
84
- document.validate(settings.idp_cert_fingerprint, soft)
84
+ document.validate(get_fingerprint, soft)
85
85
  end
86
86
 
87
87
  def validate_response_state(soft = true)
@@ -93,12 +93,21 @@ module Onelogin::Saml
93
93
  return soft ? false : validation_error("No settings on response")
94
94
  end
95
95
 
96
- if settings.idp_cert_fingerprint.nil?
97
- return soft ? false : validation_error("No fingerprint on settings")
96
+ if settings.idp_cert_fingerprint.nil? && settings.idp_cert.nil?
97
+ return soft ? false : validation_error("No fingerprint or certificate on settings")
98
98
  end
99
99
 
100
100
  true
101
101
  end
102
+
103
+ def get_fingerprint
104
+ if settings.idp_cert
105
+ cert = OpenSSL::X509::Certificate.new(settings.idp_cert)
106
+ Digest::SHA1.hexdigest(cert.to_der).upcase.scan(/../).join(":")
107
+ else
108
+ settings.idp_cert_fingerprint
109
+ end
110
+ end
102
111
 
103
112
  def validate_conditions(soft = true)
104
113
  return true if conditions.nil?
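Review bot: `get_fingerprint` can raise straight out of `validate` even when `soft` is true: `OpenSSL::X509::Certificate.new(settings.idp_cert)` throws `OpenSSL::X509::CertificateError` on text that is not a parsable certificate, and the guard in `validate_response_state` only checks `.nil?`. Rescuing that error and returning through the same `soft ? false : validation_error("Invalid certificate on settings")` path as the neighbouring checks would keep the soft contract. When both `idp_cert` and `idp_cert_fingerprint` are configured the certificate silently wins, which deserves a comment such as `# idp_cert, when set, takes precedence over idp_cert_fingerprint`. The configured certificate is also reduced to a SHA-1 fingerprint before the comparison, so this path appears to be no stronger than fingerprint pinning; `document.validate` lies outside the hunk, so that cannot be confirmed here.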
@@ -1,6 +1,6 @@
1
1
  module Onelogin::Saml
2
2
  class Settings
3
3
  attr_accessor :assertion_consumer_service_url, :issuer, :sp_name_qualifier
4
- attr_accessor :idp_sso_target_url, :idp_cert_fingerprint, :name_identifier_format
4
+ attr_accessor :idp_sso_target_url, :idp_cert_fingerprint, :idp_cert, :name_identifier_format
5
5
  end
6
6
  end
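--- a/data/ruby-saml.gemspec
+++ b/data/ruby-saml.gemspec
@@ -5,11 +5,11 @@
 
  Gem::Specification.new do |s|
  s.name = %q{ruby-saml}
- s.version = "0.4.6"
+ s.version = "0.4.7"
 
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
  s.authors = ["OneLogin LLC"]
- s.date = %q{2011-06-28}
+ s.date = %q{2011-06-30}
  s.description = %q{SAML toolkit for Ruby on Rails}
  s.email = %q{support@onelogin.com}
  s.extra_rdoc_files = [
@@ -31,10 +31,10 @@ Gem::Specification.new do |s|
  "lib/ruby-saml.rb",
  "lib/xml_security.rb",
  "ruby-saml.gemspec",
+ "test/certificates/certificate1",
  "test/request_test.rb",
  "test/response_test.rb",
  "test/responses/adfs_response.xml.base64",
- "test/responses/certificate1",
  "test/responses/open_saml_response.xml",
  "test/responses/response1.xml.base64",
  "test/responses/response2.xml.base64",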
@@ -0,0 +1,12 @@
1
+ -----BEGIN CERTIFICATE-----
2
+ MIIBrTCCAaGgAwIBAgIBATADBgEAMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApD
3
+ YWxpZm9ybmlhMRUwEwYDVQQHDAxTYW50YSBNb25pY2ExETAPBgNVBAoMCE9uZUxv
4
+ Z2luMRkwFwYDVQQDDBBhcHAub25lbG9naW4uY29tMB4XDTEwMTAxMTIxMTUxMloX
5
+ DTE1MTAxMTIxMTUxMlowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju
6
+ aWExFTATBgNVBAcMDFNhbnRhIE1vbmljYTERMA8GA1UECgwIT25lTG9naW4xGTAX
7
+ BgNVBAMMEGFwcC5vbmVsb2dpbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
8
+ AoGBAMPmjfjy7L35oDpeBXBoRVCgktPkLno9DOEWB7MgYMMVKs2B6ymWQLEWrDug
9
+ MK1hkzWFhIb5fqWLGbWy0J0veGR9/gHOQG+rD/I36xAXnkdiXXhzoiAG/zQxM0ed
10
+ MOUf40n314FC8moErcUg6QabttzesO59HFz6shPuxcWaVAgxAgMBAAEwAwYBAAMB
11
+ AA==
12
+ -----END CERTIFICATE-----
@@ -48,6 +48,15 @@ class RubySamlTest < Test::Unit::TestCase
48
48
  assert response.is_valid?
49
49
  end
50
50
 
51
+ should "return true when using certificate instead of fingerprint" do
52
+ response = Onelogin::Saml::Response.new(response_document_4)
53
+ response.stubs(:conditions).returns(nil)
54
+ settings = Onelogin::Saml::Settings.new
55
+ response.settings = settings
56
+ settings.idp_cert = signature_1
57
+ assert response.is_valid?
58
+ end
59
+
51
60
  should "not allow signature wrapping attack" do
52
61
  response = Onelogin::Saml::Response.new(response_document_4)
53
62
  response.stubs(:conditions).returns(nil)
@@ -77,12 +86,12 @@ class RubySamlTest < Test::Unit::TestCase
77
86
  assert_equal "someone@example.com", response.name_id
78
87
  end
79
88
 
80
- should_eventually "be extractable from an OpenSAML response" do
89
+ should "be extractable from an OpenSAML response" do
81
90
  response = Onelogin::Saml::Response.new(fixture(:open_saml))
82
91
  assert_equal "someone@example.org", response.name_id
83
92
  end
84
93
 
85
- should_eventually "be extractable from a Simple SAML PHP response" do
94
+ should "be extractable from a Simple SAML PHP response" do
86
95
  response = Onelogin::Saml::Response.new(fixture(:simple_saml_php))
87
96
  assert_equal "someone@example.com", response.name_id
88
97
  end
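Review bot: The added case `should "return true when using certificate instead of fingerprint"` covers only the accepting path, so nothing pins that a response is rejected when `settings.idp_cert` holds a certificate other than the signer's. A companion case that assigns a different certificate fixture and ends in `assert !response.is_valid?` would cover the security-relevant direction, and a second one with unparsable text in `idp_cert` would document whether `is_valid?` returns false or raises. The library change that lets the two former `should_eventually` cases run as `should` is not evident from the hunks shown, so it is worth confirming they pass for the intended reason. The enclosing `RubySamlTest` class starts and ends outside these hunks.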
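--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -48,5 +48,9 @@ class Test::Unit::TestCase
  def signature_fingerprint_1
  @signature_fingerprint1 ||= "C5:19:85:D9:47:F1:BE:57:08:20:25:05:08:46:EB:27:F6:CA:B7:83"
  end
+
+ def signature_1
+ @signature1 ||= File.read(File.join(File.dirname(__FILE__), 'certificates', 'certificate1'))
+ end
 
  end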
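Review bot: The new helper `signature_1` returns the PEM text read from `certificates/certificate1`, which is a certificate rather than a signature, so the name misleads next to `signature_fingerprint_1`. Naming it `certificate_1` with `@certificate1 ||= File.read(...)` would say what the helper yields and make the call site `settings.idp_cert = certificate_1` read correctly. The reopened `Test::Unit::TestCase` class starts outside the hunk.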
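--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: ruby-saml
  version: !ruby/object:Gem::Version
- hash: 3
+ hash: 1
  prerelease: false
  segments:
  - 0
  - 4
- - 6
- version: 0.4.6
+ - 7
+ version: 0.4.7
  platform: ruby
  authors:
  - OneLogin LLC
@@ -15,7 +15,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2011-06-28 00:00:00 +02:00
+ date: 2011-06-30 00:00:00 +02:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
@@ -114,10 +114,10 @@ files:
  - lib/ruby-saml.rb
  - lib/xml_security.rb
  - ruby-saml.gemspec
+ - test/certificates/certificate1
  - test/request_test.rb
  - test/response_test.rb
  - test/responses/adfs_response.xml.base64
- - test/responses/certificate1
  - test/responses/open_saml_response.xml
  - test/responses/response1.xml.base64
  - test/responses/response2.xml.base64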
@@ -1,12 +0,0 @@
1
- -----BEGIN CERTIFICATE-----
2
- MIIBrTCCAaGgAwIBAgIBATADBgEAMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApD
3
- YWxpZm9ybmlhMRUwEwYDVQQHDAxTYW50YSBNb25pY2ExETAPBgNVBAoMCE9uZUxv
4
- Z2luMRkwFwYDVQQDDBBhcHAub25lbG9naW4uY29tMB4XDTEwMDMwOTA5NTgzNFoX
5
- DTE1MDMwOTA5NTgzNFowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju
6
- aWExFTATBgNVBAcMDFNhbnRhIE1vbmljYTERMA8GA1UECgwIT25lTG9naW4xGTAX
7
- BgNVBAMMEGFwcC5vbmVsb2dpbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
8
- AoGBANtmwriqGBbZy5Dwy2CmJEtHEENVPoATCZP3UDESRDQmXy9Q0Kq1lBt+KyV4
9
- kJNHYAAQ9egLGWQ8/1atkPBye5s9fxROtf8VO3uk/x/X5VSRODIrhFISGmKUnVXa
10
- UhLFIXkGSCAIVfoR5S2ggdfpINKUWGsWS/lEzLNYMBkURXuVAgMBAAEwAwYBAAMB
11
- AA==
12
- -----END CERTIFICATE-----