ruby-samlnechotech 0.7.26 → 0.7.27
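--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b9926b344ac2ffd7ab1a925d954d23c704f55715
+data.tar.gz: 683b5078e34c45c96b9b75634ee1884a37412e30
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ab84a37576bf427a111293a8bc3ee4aef9a8a92d95cb50c282274dd852dca75ca3a5e64cc15edc3354402dfc4761210f2261efd283cf42fb73bd9220967fec03
+data.tar.gz: a2854bd8f4e93b5f25891291c052ce262456b5acb99eb824782216613e885b68b3b64f589f83f5cecb344408f80d694ea144cbc219e6399d9a17220e6677bb9a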
@@ -29,6 +29,23 @@ module Onelogin
|
|
29
29
|
validate
|
30
30
|
end
|
31
31
|
|
32
|
+
def xml_cert_validate(idp_cert_fingerprint, logger)
|
33
|
+
|
34
|
+
# get cert from response
|
35
|
+
base64_cert = self.elements["//ds:X509Certificate"].text
|
36
|
+
cert_text = Base64.decode64(base64_cert)
|
37
|
+
cert = OpenSSL::X509::Certificate.new(cert_text)
|
38
|
+
|
39
|
+
# check cert matches registered idp cert
|
40
|
+
fingerprint = Digest::SHA1.hexdigest(cert.to_der)
|
41
|
+
logger.info("fingerprint = " + fingerprint) if !logger.nil?
|
42
|
+
valid_flag = fingerprint == idp_cert_fingerprint.gsub(":", "").downcase
|
43
|
+
|
44
|
+
return valid_flag if !valid_flag
|
45
|
+
|
46
|
+
document.validate_doc(base64_cert, logger)
|
47
|
+
end
|
48
|
+
|
32
49
|
def validate!
|
33
50
|
validate(false)
|
34
51
|
end
|
@@ -110,7 +127,7 @@ module Onelogin
|
|
110
127
|
validate_structure(soft) &&
|
111
128
|
validate_response_state(soft) &&
|
112
129
|
validate_conditions(soft) &&
|
113
|
-
|
130
|
+
xml_cert_validate(get_fingerprint, soft) &&
|
114
131
|
success?
|
115
132
|
end
|
116
133
|
|
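Review bot: The new call `xml_cert_validate(get_fingerprint, soft)` in the last hunk passes `soft` where the method expects a logger, and `soft` appears to be a boolean (`validate!` calls `validate(false)`). The guard `if !logger.nil?` is true for both `true` and `false`, so `logger.info` would raise NoMethodError before the fingerprint is compared. Pass a real logger or `nil` at the call site, or change the guard to `if logger.respond_to?(:info)`. In `xml_cert_validate`, `self.elements["//ds:X509Certificate"].text` raises on a response with no embedded certificate and `OpenSSL::X509::Certificate.new` raises on malformed data, so soft validation of untrusted XML throws instead of returning false; add `return false if node.nil?` and rescue `OpenSSL::X509::CertificateError`. The fingerprint match only shows that the embedded certificate is the registered one, so the trust decision rests on `document.validate_doc` verifying the signature with it; that method and the start of the `&&` chain are outside these hunks.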