RubyGems - samlr - Versions diffs - 2.7.1.pre.3 → 2.7.1 - Mend

samlr 2.7.1.pre.3 → 2.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 99111c7af501ed1d300602d81d603fe0869e042dc9b330cb38aa800c77a79517
-  data.tar.gz: 755f39f3397bdff3454a05bd47c329ebbf0440c4103469153ed3518bf1aa47c1
+  metadata.gz: 981235b1e8b9c47db48aa1ad9dd69103f68766c4e9f247980e2482f5c0130f38
+  data.tar.gz: ffda22321c9f2cb8564681747e426f59dc9cd77aed0761bb71e88d5c43ac393d
 SHA512:
-  metadata.gz: 49bb0ebfda779df0a6950eaedac7487b5c1a03475b488573b028d4b86b51a1cbf16c641ad09f15e3bae9bc8717795572d59103590b456b82f22879347881a4d2
-  data.tar.gz: f111bab5d4b7f933bf217b7bd0a2c89d179768409fc0215e78e9c0a739ebf8bf5860fb481ec4c94da9e352da7c6975f8293003acc19160c03d04e2ae38bd8577
+  metadata.gz: 3001de515250f4deb3fff83454aab102c7c72a712304206a88a398b4a5db4f0aa00fc618ae9c85964b8ccfd60cefbc7b13b2fccb50820851b8257e22943a64af
+  data.tar.gz: df04ff380856705c2b15ce7bdbde71708c12d5d8ae3c518debfcd6f7042987fd7b347433bb09eb7f69f5391ac5f30feb3589756e51e34fa3b0da30d068b62700

data/lib/samlr/signature.rb CHANGED Viewed

@@ -17,14 +17,8 @@ module Samlr
       @options  = options
       @signature = nil
-      # TODO: This option exists only in a pre-release version to allow testing the feature; remove it from the final release
-      if options[:skip_signature_reference_checking]
-        @signature = @document.at("#{prefix}/ds:Signature", NS_MAP)
-        @signature.remove if @signature # enveloped signatures only
-      else
-        id = @document.at("#{prefix}", NS_MAP)&.attribute('ID')
-        @signature = find_signature_for_element_id(id) if id
-      end
+      id = @document.at("#{prefix}", NS_MAP)&.attribute('ID')
+      @signature = find_signature_for_element_id(id) if id
       @fingerprint = if options[:fingerprint]
         Fingerprint.from_string(options[:fingerprint])
@@ -45,28 +39,17 @@ module Samlr
       raise SignatureError.new("No signature at #{prefix}/ds:Signature") unless present?
       verify_fingerprint! unless options[:skip_fingerprint]
-      if options[:skip_signature_reference_checking]
-        verify_digests!
-        verify_signature!
-      else
-        verify_signature!  # <- Do this first while signature is still available
-        verify_digests!    # <- This can remove the signature
-      end
+      verify_signature!  # Do this first while signature is still available
+      verify_digests!    # This may remove enveloped signatures
       true
     end
     def references
       @references ||= [].tap do |refs|
-        if options[:skip_signature_reference_checking]
-          original.xpath("#{prefix}/ds:Signature/ds:SignedInfo/ds:Reference[@URI]", NS_MAP).each do |ref|
-            refs << Samlr::Reference.new(ref)
-          end
-        else
-          refs_xpath = @signature.xpath("./ds:SignedInfo/ds:Reference[@URI]", NS_MAP)
-          refs_xpath.each do |ref|
-            refs << Samlr::Reference.new(ref)
-          end
+        refs_xpath = @signature.xpath("./ds:SignedInfo/ds:Reference[@URI]", NS_MAP)
+        refs_xpath.each do |ref|
+          refs << Samlr::Reference.new(ref)
         end
       end
@@ -85,58 +68,39 @@ module Samlr
     # Tests that the document content has not been edited
     def verify_digests!
-      if options[:skip_signature_reference_checking]
-        references.each do |reference|
-          node    = referenced_node(reference.uri)
-          canoned = node.canonicalize(C14N, reference.namespaces)
-          digest  = reference.digest_method.digest(canoned)
-          if digest != reference.decoded_digest_value
-            raise SignatureError.new("Reference validation error: Digest mismatch for #{reference.uri}")
-          end
-        end
-      else
-        # Check if we need to remove an enveloped signature
-        if @signature && !@signature_removed
-          signed_element = @document.at("#{prefix}", NS_MAP)
-          is_enveloped = signed_element&.xpath(".//ds:Signature", NS_MAP)&.include?(@signature)
-          # Remove enveloped signature for digest verification
-          if is_enveloped
-            @signature.remove
-            @signature_removed = true
-          end
+      # Check if we need to remove an enveloped signature
+      if @signature && !@signature_removed
+        signed_element = @document.at("#{prefix}", NS_MAP)
+        is_enveloped = signed_element&.xpath(".//ds:Signature", NS_MAP)&.include?(@signature)
+        # Remove enveloped signature for digest verification
+        if is_enveloped
+          @signature.remove
+          @signature_removed = true
         end
+      end
-        references.each do |reference|
-          node    = referenced_node(reference.uri)
-          canoned = node.canonicalize(C14N, reference.namespaces)
-          digest  = reference.digest_method.digest(canoned)
+      references.each do |reference|
+        node    = referenced_node(reference.uri)
+        canoned = node.canonicalize(C14N, reference.namespaces)
+        digest  = reference.digest_method.digest(canoned)
-          if digest != reference.decoded_digest_value
-            raise SignatureError.new("Reference validation error: Digest mismatch for #{reference.uri}")
-          end
+        if digest != reference.decoded_digest_value
+          raise SignatureError.new("Reference validation error: Digest mismatch for #{reference.uri}")
         end
       end
     end
     # Tests correctness of the signature (and hence digests)
     def verify_signature!
-      if options[:skip_signature_reference_checking]
-        node = original.at("#{prefix}/ds:Signature/ds:SignedInfo", NS_MAP)
-        canoned = node.canonicalize(C14N)
-        unless x509.public_key.verify(signature_method.new, decoded_signature_value, canoned)
-          raise SignatureError.new("Signature validation error: Possible canonicalization mismatch", "This canonicalizer returns #{canoned}")
-        end
-      else
-        # Cache the canonicalized SignedInfo to avoid DOM issues with multiple verifications
-        unless @canonicalized_signed_info
-          node = @signature.at("./ds:SignedInfo", NS_MAP)
-          @canonicalized_signed_info = node.canonicalize(C14N)
-        end
-        unless x509.public_key.verify(signature_method.new, decoded_signature_value, @canonicalized_signed_info)
-          raise SignatureError.new("Signature validation error: Possible canonicalization mismatch", "This canonicalizer returns #{@canonicalized_signed_info}")
-        end
+      # Cache the canonicalized SignedInfo to avoid DOM issues with multiple verifications
+      unless @canonicalized_signed_info
+        node = @signature.at("./ds:SignedInfo", NS_MAP)
+        @canonicalized_signed_info = node.canonicalize(C14N)
+      end
+      unless x509.public_key.verify(signature_method.new, decoded_signature_value, @canonicalized_signed_info)
+        raise SignatureError.new("Signature validation error: Possible canonicalization mismatch", "This canonicalizer returns #{@canonicalized_signed_info}")
       end
     end

data/lib/samlr/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Samlr
-  VERSION = "2.7.1.pre.3"
+  VERSION = "2.7.1"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: samlr
 version: !ruby/object:Gem::Version
-  version: 2.7.1.pre.3
+  version: 2.7.1
 platform: ruby
 authors:
 - Morten Primdahl
@@ -9,34 +9,6 @@ bindir: bin
 cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: nokogiri
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.5.5
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.5.5
-- !ruby/object:Gem::Dependency
-  name: uuidtools
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.1.3
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.1.3
 - !ruby/object:Gem::Dependency
   name: base64
   requirement: !ruby/object:Gem::Requirement
@@ -52,7 +24,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: logger
+  name: cgi
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -66,27 +38,13 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: bundler
+  name: logger
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -94,47 +52,33 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: bump
+  name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
+        version: 1.5.5
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: minitest
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '6.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '6.0'
+        version: 1.5.5
 - !ruby/object:Gem::Dependency
-  name: minitest-mock
+  name: uuidtools
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
+        version: 2.1.3
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.1.3
 description: Helps you implement a SAML SP
 email: primdahl@me.com
 executables:
@@ -187,7 +131,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.7'
+      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="