samlr 2.0.4 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 80b04360348dfd9ce7a8962cf47500b5c25654e6
-  data.tar.gz: 4a02064f3e0d57fd26877778a3f9f954dd0be6fd
+  metadata.gz: aa55b3484fd8e8dd43b93e1143b624040e15f0c3
+  data.tar.gz: 3696af964c60dbe42ed471ad8b815784e8ff5fc9
 SHA512:
-  metadata.gz: c73af6bf4ff4a50b7fb8a5906e50752d3288666c39ab6eea174a739b50b85d7b40387c355bd9b1d240d6597e259145cd03170cd1a60606f5d850ee04e0760c31
-  data.tar.gz: c201e8a43db90a944b533d65d2b84dc500e97878044105bb5e334c6bde5b8189c83b8663c66c2e7af1aa1db720877749bb583d24a9f670683ebc52cece05c8ba
+  metadata.gz: 7d2197f6871a43e2d2b494710b6e728ac2da02f40581be76a1e661662b3dcb912ba80db082d42b81dda2a8d83eb0200d958863caba0243587532b73cd62df69a
+  data.tar.gz: 0f96bf4a8c71de4372005b7f13fb054ea6c63cd6e4a9e913f8b10aaaa8e81cd0fa38ef76d24e12a00072ac4530e1e66e1265eefcb417b4f572d52ae93e965a32

data/README.md

@@ -124,6 +124,7 @@ Please help adding IdP's or IdP services you find to work with Samlr. The below
 
 * Novell/NetIQ
 * MS ADFS 2.0
+* Oracle WebLogic
 * http://simplesamlphp.org/
 * http://www.ssoeasy.com/
 * http://www.okta.com/

data/lib/samlr/response.rb

@@ -19,7 +19,7 @@ module Samlr
     # is destructive the document needs to verify itself first, and then any signed assertions
     def verify!
       if signature.missing? && assertion.signature.missing?
-        raise Samlr::SignatureError.new("Neither response nor assertion signed")
+        raise Samlr::SignatureError.new("Neither response nor assertion signed with a certificate")
       end
 
       signature.verify! unless signature.missing?

data/lib/samlr/signature.rb

@@ -32,7 +32,7 @@ module Samlr
     end
 
     def missing?
-      signature.nil?
+      signature.nil? || certificate.nil?
     end
 
     def verify!
@@ -56,12 +56,12 @@ module Samlr
     private
 
     def x509
-      @x509 ||= certificate.x509
+      @x509 ||= certificate!.x509
     end
 
     # Establishes trust that the remote party is who you think
     def verify_fingerprint!
-      fingerprint.compare!(certificate.fingerprint)
+      fingerprint.compare!(certificate!.fingerprint)
     end
 
     # Tests that the document content has not been edited
@@ -117,11 +117,15 @@ module Samlr
         elsif cert = options[:certificate]
           Certificate.new(cert)
         else
-          raise SignatureError.new("No X509Certificate element in response signature. Cannot validate signature.")
+          nil
         end
       end
     end
 
+    def certificate!
+      certificate || raise(SignatureError.new("No X509Certificate element in response signature. Cannot validate signature."))
+    end
+
     def certificate_node
       signature.at("./ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS_MAP)
     end

data/lib/samlr/tools/response_builder.rb

@@ -95,9 +95,11 @@ module Samlr
 
         # The core response is ready, not on to signing
         response = builder.doc
+        assertion_options = options.merge(:skip_keyinfo => options[:skip_assertion_keyinfo])
+        response = sign(response, assertion_id, assertion_options) if sign_assertion
 
-        response = sign(response, assertion_id, options) if sign_assertion
-        response = sign(response, response_id, options)  if sign_response
+        response_options = options.merge(:skip_keyinfo => options[:skip_response_keyinfo])
+        response = sign(response, response_id, response_options)  if sign_response
 
         response.to_xml(COMPACT)
       end

data/samlr.gemspec

@@ -1,4 +1,4 @@
-Gem::Specification.new "samlr", "2.0.4" do |s|
+Gem::Specification.new "samlr", "2.1.0" do |s|
   s.summary     = "Ruby tools for SAML"
   s.description = "Helps you implement a SAML SP"
   s.authors     = ["Morten Primdahl"]

data/test/unit/test_response_scenarios.rb

@@ -71,7 +71,7 @@ describe Samlr do
   end
 
   describe "when there is no keyinfo" do
-    subject { saml_response(:certificate => TEST_CERTIFICATE, :skip_keyinfo => true) }
+    subject { saml_response(:certificate => TEST_CERTIFICATE, :skip_response_keyinfo => true, :skip_assertion_keyinfo => true) }
 
     it "fails" do
       assert_raises(Samlr::SignatureError) { subject.verify! }
@@ -108,4 +108,19 @@ describe Samlr do
     end
   end
 
+  describe "when only the response signature is missing a certificate" do
+    subject { saml_response(:certificate => TEST_CERTIFICATE, :skip_response_keyinfo => true) }
+
+    it "verifies" do
+      assert subject.verify!
+    end
+  end
+
+  describe "when only the assertion signature is missing a certificate" do
+    subject { saml_response(:certificate => TEST_CERTIFICATE, :skip_assertion_keyinfo => true) }
+
+    it "verifies" do
+      assert subject.verify!
+    end
+  end
 end

data/test/unit/test_signature.rb

@@ -21,15 +21,15 @@ describe Samlr::Signature do
     end
   end
 
-  describe "#certificate" do
+  describe "#certificate!" do
     it "should extract the certificate" do
-      assert_equal TEST_CERTIFICATE.to_certificate, @signature.send(:certificate)
+      assert_equal TEST_CERTIFICATE.to_certificate, @signature.send(:certificate!)
     end
 
     describe "when there is no X509 certificate" do
       it "should raise a signature error" do
         @signature.stub(:certificate_node, nil) do
-          assert_raises(Samlr::SignatureError) { @signature.send(:certificate) }
+          assert_raises(Samlr::SignatureError) { @signature.send(:certificate!) }
         end
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: samlr
 version: !ruby/object:Gem::Version
-  version: 2.0.4
+  version: 2.1.0
 platform: ruby
 authors:
 - Morten Primdahl
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-09-02 00:00:00.000000000 Z
+date: 2015-06-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -182,4 +182,3 @@ signing_key:
 specification_version: 4
 summary: Ruby tools for SAML
 test_files: []
-has_rdoc: