samlsso 0.1.3 → 0.1.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/lib/samlsso/saml_message.rb +2 -2
- data/lib/samlsso/version.rb +1 -1
- data/lib/xml_security.rb +50 -16
- data/samlsso-0.1.4.gem +0 -0
- data/samlsso-0.1.5.gem +0 -0
- data/samlsso-0.1.6.gem +0 -0
- data/samlsso-0.1.7.gem +0 -0
- data/samlsso.gemspec +4 -11
- metadata +20 -17
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 4e498a0d35bed7c8d8c4f432b34fc9494067f202dbf852a99a88617bb9f83ab6
|
|
4
|
+
data.tar.gz: 9c6c0ed8bcb706dba9e41f756d9f4e7fc3e2029009f54d2647c55a11f6d0781c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 23180bf12ae60f4457abc0219f78de41406d54e8a40cf49a373c175bf111acd5a50bae20252c7aca3bdaef74fe4fa9530bed2b3a6558415f8f7da9780f007cd5
|
|
7
|
+
data.tar.gz: 71718a357e8fa6576243dee0a2918ce21f49987ed182dca8462b7bb82449dbbeb6d51f051377f2bd7225a022304447a4660b70415f9c2ef6744c0973f6360632
|
data/lib/samlsso/saml_message.rb
CHANGED
|
@@ -63,13 +63,13 @@ module Samlsso
|
|
|
63
63
|
validation_error("XML document seems to be malformed and does not have correct Nodes")
|
|
64
64
|
else
|
|
65
65
|
encrypted_assertion.remove
|
|
66
|
-
decrypted_doc.root.add_child(assertion.last)
|
|
66
|
+
decrypted_doc.root.add_child(assertion.last.clone)
|
|
67
67
|
return decrypted_doc.to_xml.squish
|
|
68
68
|
end
|
|
69
69
|
end
|
|
70
70
|
return decoded_saml
|
|
71
71
|
end
|
|
72
|
-
|
|
72
|
+
|
|
73
73
|
def decode_raw_saml(saml)
|
|
74
74
|
if saml =~ /^</
|
|
75
75
|
return saml
|
data/lib/samlsso/version.rb
CHANGED
data/lib/xml_security.rb
CHANGED
|
@@ -208,7 +208,8 @@ module XMLSecurity
|
|
|
208
208
|
end
|
|
209
209
|
|
|
210
210
|
# verify signature
|
|
211
|
-
signed_info_element
|
|
211
|
+
signed_info_element = REXML::XPath.first(@sig_element, "//ds:SignedInfo", {"ds"=>DSIG})
|
|
212
|
+
signed_info_element = REXML::XPath.first(@sig_element, "//ds:SignedInfo") unless signed_info_element
|
|
212
213
|
noko_sig_element = document.at_xpath('//ds:Signature', 'ds' => DSIG)
|
|
213
214
|
noko_signed_info_element = noko_sig_element.at_xpath('./ds:SignedInfo', 'ds' => DSIG)
|
|
214
215
|
canon_algorithm = canon_algorithm REXML::XPath.first(@sig_element, '//ds:CanonicalizationMethod', 'ds' => DSIG)
|
|
@@ -216,33 +217,66 @@ module XMLSecurity
|
|
|
216
217
|
noko_sig_element.remove
|
|
217
218
|
|
|
218
219
|
# check digests
|
|
219
|
-
REXML::XPath.
|
|
220
|
-
|
|
220
|
+
if REXML::XPath.first(@sig_element, "//ds:Reference", {"ds"=>DSIG})
|
|
221
|
+
REXML::XPath.each(@sig_element, "//ds:Reference", {"ds"=>DSIG}) do |ref|
|
|
222
|
+
uri = ref.attributes.get_attribute("URI").value
|
|
221
223
|
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
224
|
+
hashed_element = document.at_xpath("//*[@ID='#{uri[1..-1]}']")
|
|
225
|
+
canon_algorithm = canon_algorithm REXML::XPath.first(ref, '//ds:CanonicalizationMethod', 'ds' => DSIG)
|
|
226
|
+
canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
|
|
225
227
|
|
|
226
|
-
|
|
228
|
+
digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod", 'ds' => DSIG)
|
|
229
|
+
digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod") unless digest_algorithm_str
|
|
230
|
+
digest_algorithm = algorithm(digest_algorithm_str)
|
|
227
231
|
|
|
228
|
-
|
|
229
|
-
digest_value = Base64.decode64(REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG}).text)
|
|
232
|
+
hash = digest_algorithm.digest(canon_hashed_element)
|
|
230
233
|
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
+
base64_digest = REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG})
|
|
235
|
+
base64_digest = REXML::XPath.first(ref, "//ds:DigestValue") unless base64_digest
|
|
236
|
+
digest_value = Base64.decode64(base64_digest.text)
|
|
237
|
+
|
|
238
|
+
unless digests_match?(hash, digest_value)
|
|
239
|
+
@errors << "Digest mismatch"
|
|
240
|
+
return soft ? false : (raise Samlsso::ValidationError.new("Digest mismatch"))
|
|
241
|
+
end
|
|
242
|
+
end
|
|
243
|
+
else
|
|
244
|
+
REXML::XPath.each(@sig_element, "//ds:Reference") do |ref|
|
|
245
|
+
uri = ref.attributes.get_attribute("URI").value
|
|
246
|
+
|
|
247
|
+
hashed_element = document.at_xpath("//*[@ID='#{uri[1..-1]}']")
|
|
248
|
+
canon_algorithm = canon_algorithm REXML::XPath.first(ref, '//ds:CanonicalizationMethod', 'ds' => DSIG)
|
|
249
|
+
canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
|
|
250
|
+
|
|
251
|
+
digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod", 'ds' => DSIG)
|
|
252
|
+
digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod") unless digest_algorithm_str
|
|
253
|
+
digest_algorithm = algorithm(digest_algorithm_str)
|
|
254
|
+
|
|
255
|
+
hash = digest_algorithm.digest(canon_hashed_element)
|
|
256
|
+
|
|
257
|
+
base64_digest = REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG})
|
|
258
|
+
base64_digest = REXML::XPath.first(ref, "//ds:DigestValue") unless base64_digest
|
|
259
|
+
digest_value = Base64.decode64(base64_digest.text)
|
|
260
|
+
|
|
261
|
+
unless digests_match?(hash, digest_value)
|
|
262
|
+
@errors << "Digest mismatch"
|
|
263
|
+
return soft ? false : (raise Samlsso::ValidationError.new("Digest mismatch"))
|
|
264
|
+
end
|
|
234
265
|
end
|
|
235
266
|
end
|
|
236
267
|
|
|
237
|
-
base64_signature = REXML::XPath.first(@sig_element, "//ds:SignatureValue", {"ds"=>DSIG})
|
|
238
|
-
|
|
268
|
+
base64_signature = REXML::XPath.first(@sig_element, "//ds:SignatureValue", {"ds"=>DSIG})
|
|
269
|
+
base64_signature = REXML::XPath.first(@sig_element, "//ds:SignatureValue") unless base64_signature
|
|
270
|
+
signature = Base64.decode64(base64_signature.text)
|
|
239
271
|
|
|
240
272
|
# get certificate object
|
|
241
273
|
cert_text = Base64.decode64(base64_cert)
|
|
242
274
|
cert = OpenSSL::X509::Certificate.new(cert_text)
|
|
243
275
|
|
|
244
276
|
# signature method
|
|
245
|
-
|
|
277
|
+
signature_method = REXML::XPath.first(signed_info_element, "//ds:SignatureMethod", {"ds"=>DSIG})
|
|
278
|
+
signature_method = REXML::XPath.first(signed_info_element, "//ds:SignatureMethod") unless signature_method
|
|
279
|
+
signature_algorithm = algorithm(signature_method)
|
|
246
280
|
|
|
247
281
|
unless cert.public_key.verify(signature_algorithm.new, signature, canon_string)
|
|
248
282
|
@errors << "Key validation error"
|
|
@@ -273,4 +307,4 @@ module XMLSecurity
|
|
|
273
307
|
end
|
|
274
308
|
|
|
275
309
|
end
|
|
276
|
-
end
|
|
310
|
+
end
|
data/samlsso-0.1.4.gem
ADDED
|
Binary file
|
data/samlsso-0.1.5.gem
ADDED
|
Binary file
|
data/samlsso-0.1.6.gem
ADDED
|
Binary file
|
data/samlsso-0.1.7.gem
ADDED
|
Binary file
|
data/samlsso.gemspec
CHANGED
|
@@ -29,16 +29,9 @@ Gem::Specification.new do |spec|
|
|
|
29
29
|
|
|
30
30
|
spec.add_runtime_dependency("uuid", ["~> 2.3"])
|
|
31
31
|
spec.add_runtime_dependency("xmlenc", ["~> 0.6.4"])
|
|
32
|
-
|
|
33
|
-
# 1.8.7
|
|
34
|
-
spec.add_runtime_dependency('nokogiri', '~> 1.6.0')
|
|
35
|
-
spec.add_development_dependency('timecop', '<= 0.6.0')
|
|
36
|
-
else
|
|
37
|
-
spec.add_runtime_dependency('nokogiri', '~> 1.6.0')
|
|
38
|
-
spec.add_development_dependency('timecop', '~> 0.7.2')
|
|
39
|
-
end
|
|
40
|
-
|
|
32
|
+
spec.add_runtime_dependency('nokogiri', '~> 1.10.8')
|
|
41
33
|
|
|
42
|
-
spec.add_development_dependency "bundler", "~> 1.
|
|
43
|
-
spec.add_development_dependency "rake", "~>
|
|
34
|
+
spec.add_development_dependency "bundler", "~> 2.1.2"
|
|
35
|
+
spec.add_development_dependency "rake", "~> 12.3.3"
|
|
36
|
+
spec.add_development_dependency "nokogiri", ">= 1.10.8"
|
|
44
37
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: samlsso
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Siddhartha Mukherjee
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-06-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: uuid
|
|
@@ -44,56 +44,56 @@ dependencies:
|
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: 1.
|
|
47
|
+
version: 1.10.8
|
|
48
48
|
type: :runtime
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: 1.
|
|
54
|
+
version: 1.10.8
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
|
-
name:
|
|
56
|
+
name: bundler
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
59
|
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version:
|
|
61
|
+
version: 2.1.2
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version:
|
|
68
|
+
version: 2.1.2
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
|
-
name:
|
|
70
|
+
name: rake
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
72
72
|
requirements:
|
|
73
73
|
- - "~>"
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version:
|
|
75
|
+
version: 12.3.3
|
|
76
76
|
type: :development
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
80
|
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version:
|
|
82
|
+
version: 12.3.3
|
|
83
83
|
- !ruby/object:Gem::Dependency
|
|
84
|
-
name:
|
|
84
|
+
name: nokogiri
|
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
|
86
86
|
requirements:
|
|
87
|
-
- - "
|
|
87
|
+
- - ">="
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version:
|
|
89
|
+
version: 1.10.8
|
|
90
90
|
type: :development
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
|
-
- - "
|
|
94
|
+
- - ">="
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version:
|
|
96
|
+
version: 1.10.8
|
|
97
97
|
description: SAML SSO for Ruby
|
|
98
98
|
email:
|
|
99
99
|
- mukherjee.siddhartha@gmail.com
|
|
@@ -139,6 +139,10 @@ files:
|
|
|
139
139
|
- lib/schemas/xml.xsd
|
|
140
140
|
- lib/schemas/xmldsig-core-schema.xsd
|
|
141
141
|
- lib/xml_security.rb
|
|
142
|
+
- samlsso-0.1.4.gem
|
|
143
|
+
- samlsso-0.1.5.gem
|
|
144
|
+
- samlsso-0.1.6.gem
|
|
145
|
+
- samlsso-0.1.7.gem
|
|
142
146
|
- samlsso.gemspec
|
|
143
147
|
homepage: https://github.com/siddhartham/samlsso
|
|
144
148
|
licenses:
|
|
@@ -160,8 +164,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
160
164
|
- !ruby/object:Gem::Version
|
|
161
165
|
version: '0'
|
|
162
166
|
requirements: []
|
|
163
|
-
|
|
164
|
-
rubygems_version: 2.5.1
|
|
167
|
+
rubygems_version: 3.1.2
|
|
165
168
|
signing_key:
|
|
166
169
|
specification_version: 4
|
|
167
170
|
summary: SAML SSO for Ruby
|