RubyGems - saml-kit - Versions diffs - 0.2.0 → 0.2.1 - Mend

saml-kit 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +4 -4
data/.gitlab-ci.yml +15 -0
data/lib/saml/kit.rb +1 -0
data/lib/saml/kit/certificate.rb +59 -0
data/lib/saml/kit/configuration.rb +2 -2
data/lib/saml/kit/fingerprint.rb +1 -4
data/lib/saml/kit/identity_provider_metadata.rb +15 -4
data/lib/saml/kit/metadata.rb +6 -16
data/lib/saml/kit/response.rb +1 -1
data/lib/saml/kit/service_provider_metadata.rb +0 -2
data/lib/saml/kit/version.rb +1 -1
data/lib/saml/kit/xml.rb +1 -1
metadata +4 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0ebef3199d5a8a66f49c3c57a2aafb1a4f54149c
-  data.tar.gz: 9dce4bab8931cd0fc1aa8b147a461bdaf198328f
+  metadata.gz: 0a54e04d0c915cf2ed6df1ffa201fca9abea800e
+  data.tar.gz: f38bb36f287bc9f9b7c185eb00b7c87641f99f23
 SHA512:
-  metadata.gz: a6f4922d39dd247dd91caa3262ed5cb0119c2f2d245c1609a5fa41bee27742a47845fea3dfe6605d7124030f9e7f844c2029e75d2cafbbf57288ded697fa14fa
-  data.tar.gz: 99d7c34ce9fae83d81ce16eec10fd6ef9fd1d70f8d67cfbb412d4be45e59b2f28f2db5818de8c7520756a508c9e973c6598571054bb52cda6b5d57fcf8af2c77
+  metadata.gz: 9bf0e3a075afb0fb4b1038b265a39382a3463cf4b4c490d45cd605534341a4b2227fdf09709af556da2b94e25ca0d50fecd440b5e0ff2e68076fd2584010b110
+  data.tar.gz: ed750eb4bf73f1f631b83c4b17d2ddb1e15907955ce686b9ddaaa591a27c22a79fcac0b76a86ac3898e7c59b2d23e12616965286de614e1cd2b7f118ffd96f0f

data/.gitlab-ci.yml ADDED Viewed

@@ -0,0 +1,15 @@
+image: ruby:2.2
+before_script:
+  - apt-get update && apt-get install -y locales
+  - echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
+  - locale-gen
+  - export LC_ALL=en_US.UTF-8
+  - ruby -v
+  - which ruby
+  - gem install bundler --no-ri --no-rdoc
+  - bundle install --jobs $(nproc) "${FLAGS[@]}"
+rspec:
+  script:
+    - bundle exec rspec

data/lib/saml/kit.rb CHANGED Viewed

@@ -23,6 +23,7 @@ require "saml/kit/document"
 require "saml/kit/authentication_request"
 require "saml/kit/bindings"
+require "saml/kit/certificate"
 require "saml/kit/configuration"
 require "saml/kit/crypto"
 require "saml/kit/cryptography"

data/lib/saml/kit/certificate.rb ADDED Viewed

@@ -0,0 +1,59 @@
+module Saml
+  module Kit
+    class Certificate
+      attr_reader :value, :use
+      def initialize(value, use:)
+        @value = value
+        @use = use.downcase.to_sym
+      end
+      def fingerprint
+        Fingerprint.new(value)
+      end
+      def for?(use)
+        self.use == use.to_sym
+      end
+      def encryption?
+        :encryption == use
+      end
+      def signing?
+        :signing == use
+      end
+      def x509
+        self.class.to_x509(value)
+      end
+      def public_key
+        x509.public_key
+      end
+      def ==(other)
+        self.to_s == other.to_s
+      end
+      def eql?(other)
+        self == other
+      end
+      def hash
+        value.hash
+      end
+      def to_s
+        value
+      end
+      def self.to_x509(value)
+        OpenSSL::X509::Certificate.new(Base64.decode64(value))
+      rescue OpenSSL::X509::CertificateError => error
+        Saml::Kit.logger.warn(error)
+        OpenSSL::X509::Certificate.new(value)
+      end
+    end
+  end
+end

data/lib/saml/kit/configuration.rb CHANGED Viewed

@@ -32,11 +32,11 @@ module Saml
       end
       def signing_x509
-        OpenSSL::X509::Certificate.new(signing_certificate_pem)
+        Certificate.to_x509(signing_certificate_pem)
       end
       def encryption_x509
-        OpenSSL::X509::Certificate.new(encryption_certificate_pem)
+        Certificate.to_x509(encryption_certificate_pem)
       end
       def signing_private_key

data/lib/saml/kit/fingerprint.rb CHANGED Viewed

@@ -4,10 +4,7 @@ module Saml
       attr_reader :x509
       def initialize(raw_certificate)
-        @x509 = OpenSSL::X509::Certificate.new(raw_certificate)
-      rescue OpenSSL::X509::CertificateError => error
-        Saml::Kit.logger.warn(error)
-        @x509 = OpenSSL::X509::Certificate.new(Base64.decode64(raw_certificate))
+        @x509 = Certificate.to_x509(raw_certificate)
       end
       def algorithm(algorithm)

data/lib/saml/kit/identity_provider_metadata.rb CHANGED Viewed

@@ -62,10 +62,21 @@ module Saml
             xml.EntityDescriptor entity_descriptor_options do
               signature.template(id)
               xml.IDPSSODescriptor idp_sso_descriptor_options do
-                xml.KeyDescriptor use: "signing" do
-                  xml.KeyInfo "xmlns": Namespaces::XMLDSIG do
-                    xml.X509Data do
-                      xml.X509Certificate @configuration.stripped_signing_certificate
+                if @configuration.signing_certificate_pem.present?
+                  xml.KeyDescriptor use: "signing" do
+                    xml.KeyInfo "xmlns": Namespaces::XMLDSIG do
+                      xml.X509Data do
+                        xml.X509Certificate @configuration.stripped_signing_certificate
+                      end
+                    end
+                  end
+                end
+                if @configuration.encryption_certificate_pem.present?
+                  xml.KeyDescriptor use: "encryption" do
+                    xml.KeyInfo "xmlns": Namespaces::XMLDSIG do
+                      xml.X509Data do
+                        xml.X509Certificate @configuration.stripped_encryption_certificate
+                      end
                     end
                   end
                 end

data/lib/saml/kit/metadata.rb CHANGED Viewed

@@ -30,20 +30,16 @@ module Saml
       def certificates
         @certificates ||= document.find_all("/md:EntityDescriptor/md:#{name}/md:KeyDescriptor").map do |item|
           cert = item.at_xpath("./ds:KeyInfo/ds:X509Data/ds:X509Certificate", Xml::NAMESPACES).text
-          {
-            text: cert,
-            fingerprint: Fingerprint.new(cert).algorithm(hash_algorithm),
-            use: item.attribute('use').value.to_sym,
-          }
+          Certificate.new(cert, use: item.attribute('use').value.to_sym)
         end
       end
       def encryption_certificates
-        certificates.find_all { |x| x[:use] == :encryption }
+        certificates.find_all(&:encryption?)
       end
       def signing_certificates
-        certificates.find_all { |x| x[:use] == :signing }
+        certificates.find_all(&:signing?)
       end
       def services(type)
@@ -68,12 +64,8 @@ module Saml
       end
       def matches?(fingerprint, use: :signing)
-        if :signing == use.to_sym
-          hash_value = fingerprint.algorithm(hash_algorithm)
-          signing_certificates.find do |signing_certificate|
-            Saml::Kit.logger.debug [hash_value, signing_certificate[:fingerprint]].inspect
-            hash_value == signing_certificate[:fingerprint]
-          end
+        certificates.find do |certificate|
+          certificate.for?(use) && certificate.fingerprint == fingerprint
         end
       end
@@ -91,9 +83,7 @@ module Saml
       def verify(algorithm, signature, data)
         signing_certificates.find do |cert|
-          x509 = OpenSSL::X509::Certificate.new(Base64.decode64(cert[:text]))
-          public_key = x509.public_key
-          public_key.verify(algorithm, signature, data)
+          cert.public_key.verify(algorithm, signature, data)
         end
       end

data/lib/saml/kit/response.rb CHANGED Viewed

@@ -186,7 +186,7 @@ module Saml
             yield temp
             raw_xml_to_encrypt = temp.target!
-            encryption_certificate = OpenSSL::X509::Certificate.new(Base64.decode64(request.provider.encryption_certificates.first[:text]))
+            encryption_certificate = request.provider.encryption_certificates.first
             public_key = encryption_certificate.public_key
             cipher = OpenSSL::Cipher.new('AES-256-CBC')

data/lib/saml/kit/service_provider_metadata.rb CHANGED Viewed

@@ -18,8 +18,6 @@ module Saml
         attribute.text.downcase == "true"
       end
-      private
       class Builder
         attr_accessor :id, :entity_id, :acs_urls, :logout_urls, :name_id_formats, :sign
         attr_accessor :want_assertions_signed

data/lib/saml/kit/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Saml
   module Kit
-    VERSION = "0.2.0"
+    VERSION = "0.2.1"
   end
 end

data/lib/saml/kit/xml.rb CHANGED Viewed

@@ -22,7 +22,7 @@ module Saml
       def x509_certificates
         xpath = "//ds:KeyInfo/ds:X509Data/ds:X509Certificate"
         document.search(xpath, Xmldsig::NAMESPACES).map do |item|
-          OpenSSL::X509::Certificate.new(Base64.decode64(item.text))
+          Certificate.to_x509(item.text)
         end
       end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: saml-kit
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - mo khan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-11-26 00:00:00.000000000 Z
+date: 2017-11-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
@@ -160,6 +160,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".gitlab-ci.yml"
 - ".rspec"
 - ".travis.yml"
 - Gemfile
@@ -177,6 +178,7 @@ files:
 - lib/saml/kit/bindings/http_post.rb
 - lib/saml/kit/bindings/http_redirect.rb
 - lib/saml/kit/bindings/url_builder.rb
+- lib/saml/kit/certificate.rb
 - lib/saml/kit/configuration.rb
 - lib/saml/kit/crypto.rb
 - lib/saml/kit/crypto/oaep_cipher.rb