samlr 2.2.0 → 2.3.0


Potentially problematic release.


This version of samlr might be problematic. Click here for more details.

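--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 0852aa5599b1b20def86254089762f655d8c94f3
- data.tar.gz: da955b9cbe77bf644dbfba9a55dc3b2e1404e570
+ metadata.gz: f7378eb46f0f0b532f4f2cfc95dc40ac6459080c
+ data.tar.gz: f465d9ec773cb4b65157d0fd01b99a1692759a92
  SHA512:
- metadata.gz: 838a2bc524572107e674137f34fe76ed60133bab454f063e5b27459cb9379019e71ed539e7c4ca7421f03191c92ca3072e4e948fdbe369e184901cec55df3398
- data.tar.gz: 401beca2ecbefa2b58db24fea53060065a946f8b17247c718859c04678238359b2f95ee6b71b569d500f807f2f537c9bafcd55821a20ad4cae85b5adc510525f
+ metadata.gz: eed88391d3b9fdddefc7b88203d237c458a252a3c2bdda8eb9b46471d933d4ca64578682d481d84a980e50034e726629f9c026817ad8c73a495577ae1e0afffb
+ data.tar.gz: 1c53f2ee25f0111a45b8eaba9acfb845b56dcc4f21be67fba23d860642ddda0af65453c117ce27cffb4e83bfa066d78244ed3e97f420328690422e5fd2ddf3bf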
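--- a/data/lib/samlr.rb
+++ b/data/lib/samlr.rb
@@ -45,7 +45,8 @@ require "samlr/errors"
  require "samlr/tools"
  require "samlr/condition"
  require "samlr/assertion"
- require "samlr/fingerprint"
+ require "samlr/fingerprint_sha1"
+ require "samlr/fingerprint_sha256"
  require "samlr/signature"
  require "samlr/response"
  require "samlr/request"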
@@ -1,7 +1,7 @@
1
1
  module Samlr
2
2
  class Certificate
3
3
  attr_reader :x509
4
-
4
+
5
5
  def initialize(value)
6
6
  @x509 = if value.is_a?(OpenSSL::X509::Certificate)
7
7
  value
@@ -13,7 +13,7 @@ module Samlr
13
13
  end
14
14
 
15
15
  def fingerprint
16
- @fingerprint ||= Fingerprint.new(@x509)
16
+ @fingerprint ||= FingerprintSHA256.new(@x509)
17
17
  end
18
18
 
19
19
  def ==(other)
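Review bot: `Certificate#fingerprint` now returns a `FingerprintSHA256` with no comment marking the change, so code outside this diff that hands the result to `compare!` or `==` against a stored SHA-1 fingerprint would presumably stop matching after the upgrade (`compare!` itself is not shown here). The new `Fingerprint#verify!` sidesteps this by hashing the certificate with the pin's own digest class, so the method should say so, e.g. `# SHA-256 fingerprint of the certificate; to check a configured pin of either digest use Fingerprint#verify!(certificate)`. `def ==(other)` continues past the end of this hunk and is not reviewed.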
@@ -4,9 +4,18 @@ module Samlr
4
4
 
5
5
  def initialize(value)
6
6
  if value.is_a?(OpenSSL::X509::Certificate)
7
- @value = Fingerprint.x509(value)
7
+ @value = self.class.x509(value)
8
8
  else
9
- @value = Fingerprint.normalize(value)
9
+ @value = self.class.normalize(value)
10
+ end
11
+ end
12
+
13
+ def self.from_string(string)
14
+ normalized = normalize(string)
15
+ if string.gsub(':', '').length == 64
16
+ FingerprintSHA256.new(normalized)
17
+ else
18
+ FingerprintSHA1.new(normalized)
10
19
  end
11
20
  end
12
21
 
@@ -23,6 +32,10 @@ module Samlr
23
32
  end
24
33
  end
25
34
 
35
+ def verify!(certificate)
36
+ compare!(self.class.new(self.class.x509(certificate.x509)))
37
+ end
38
+
26
39
  def valid?
27
40
  value =~ /([A-F0-9]:?)+/
28
41
  end
@@ -33,7 +46,7 @@ module Samlr
33
46
 
34
47
  # Extracts a fingerprint for an x509 certificate
35
48
  def self.x509(certificate)
36
- normalize(OpenSSL::Digest::SHA1.new.hexdigest(certificate.to_der))
49
+ raise NotImplementedError, 'subclass must implement x509'
37
50
  end
38
51
 
39
52
  # Converts a string to fingerprint normal form
@@ -41,4 +54,4 @@ module Samlr
41
54
  value.to_s.upcase.gsub(/[^A-F0-9]/, "").scan(/../).join(":")
42
55
  end
43
56
  end
44
- end
57
+ end
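Review bot: `Fingerprint.from_string` chooses the digest from `string.gsub(':', '').length`, i.e. the raw input rather than the normalized value, and routes every length other than 64 to `FingerprintSHA1`. A SHA-256 pin written with spaces, dashes or a trailing newline is therefore treated as SHA-1 and is then checked in `verify!` against the certificate's SHA-1 digest, where it will not match; an empty or truncated value is accepted as a fingerprint instead of being rejected at configuration time, and a non-String argument fails in `gsub` even though `normalize` calls `to_s`. Measure the normalized value and raise on anything that is not 40 or 64 hex digits, as sketched below (`ArgumentError` is a stand-in; an error class from `samlr/errors`, which this page does not show, may fit better). Separately, the base `Fingerprint.x509` now raises `NotImplementedError`, which is a `ScriptError` and is not caught by a bare `rescue`, so an existing `Fingerprint.new(x509_certificate)` caller fails in a way ordinary error handling will miss.

```ruby
def self.from_string(string)
  normalized = normalize(string)
  # Decide on the normalized hex digits so separators and case in the configured pin do not matter.
  case normalized.delete(":").length
  when 64 then FingerprintSHA256.new(normalized)
  when 40 then FingerprintSHA1.new(normalized)
  else raise ArgumentError, "fingerprint must be 40 (SHA-1) or 64 (SHA-256) hex digits"
  end
end
```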
@@ -0,0 +1,10 @@
1
+ require "samlr/fingerprint"
2
+
3
+ module Samlr
4
+ class FingerprintSHA1 < Fingerprint
5
+ # Extracts a fingerprint for an x509 certificate
6
+ def self.x509(certificate)
7
+ normalize(OpenSSL::Digest::SHA1.new.hexdigest(certificate.to_der))
8
+ end
9
+ end
10
+ end
@@ -0,0 +1,10 @@
1
+ require "samlr/fingerprint"
2
+
3
+ module Samlr
4
+ class FingerprintSHA256 < Fingerprint
5
+ # Extracts a fingerprint for an x509 certificate
6
+ def self.x509(certificate)
7
+ normalize(OpenSSL::Digest::SHA256.new.hexdigest(certificate.to_der))
8
+ end
9
+ end
10
+ end
@@ -21,7 +21,7 @@ module Samlr
21
21
  end
22
22
 
23
23
  @fingerprint = if options[:fingerprint]
24
- Fingerprint.new(options[:fingerprint])
24
+ Fingerprint.from_string(options[:fingerprint])
25
25
  elsif options[:certificate]
26
26
  Certificate.new(options[:certificate]).fingerprint
27
27
  end
@@ -61,7 +61,7 @@ module Samlr
61
61
 
62
62
  # Establishes trust that the remote party is who you think
63
63
  def verify_fingerprint!
64
- fingerprint.compare!(certificate!.fingerprint)
64
+ fingerprint.verify!(certificate!)
65
65
  end
66
66
 
67
67
  # Tests that the document content has not been edited
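--- a/data/lib/samlr/version.rb
+++ b/data/lib/samlr/version.rb
@@ -1,3 +1,3 @@
  module Samlr
- VERSION = "2.2.0"
+ VERSION = "2.3.0"
  end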
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: samlr
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.0
4
+ version: 2.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Morten Primdahl
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-10-05 00:00:00.000000000 Z
11
+ date: 2015-12-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: nokogiri
@@ -118,6 +118,8 @@ files:
118
118
  - lib/samlr/condition.rb
119
119
  - lib/samlr/errors.rb
120
120
  - lib/samlr/fingerprint.rb
121
+ - lib/samlr/fingerprint_sha1.rb
122
+ - lib/samlr/fingerprint_sha256.rb
121
123
  - lib/samlr/logout_request.rb
122
124
  - lib/samlr/reference.rb
123
125
  - lib/samlr/request.rb