samlsso 0.1.3 → 0.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/lib/samlsso/saml_message.rb +2 -2
- data/lib/samlsso/version.rb +1 -1
- data/lib/xml_security.rb +50 -16
- data/samlsso-0.1.4.gem +0 -0
- data/samlsso-0.1.5.gem +0 -0
- data/samlsso-0.1.6.gem +0 -0
- data/samlsso-0.1.7.gem +0 -0
- data/samlsso.gemspec +4 -11
- metadata +20 -17
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 4e498a0d35bed7c8d8c4f432b34fc9494067f202dbf852a99a88617bb9f83ab6
|
|
4
|
+
data.tar.gz: 9c6c0ed8bcb706dba9e41f756d9f4e7fc3e2029009f54d2647c55a11f6d0781c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 23180bf12ae60f4457abc0219f78de41406d54e8a40cf49a373c175bf111acd5a50bae20252c7aca3bdaef74fe4fa9530bed2b3a6558415f8f7da9780f007cd5
|
|
7
|
+
data.tar.gz: 71718a357e8fa6576243dee0a2918ce21f49987ed182dca8462b7bb82449dbbeb6d51f051377f2bd7225a022304447a4660b70415f9c2ef6744c0973f6360632
|
data/lib/samlsso/saml_message.rb
CHANGED
|
@@ -63,13 +63,13 @@ module Samlsso
|
|
|
63
63
|
validation_error("XML document seems to be malformed and does not have correct Nodes")
|
|
64
64
|
else
|
|
65
65
|
encrypted_assertion.remove
|
|
66
|
-
decrypted_doc.root.add_child(assertion.last)
|
|
66
|
+
decrypted_doc.root.add_child(assertion.last.clone)
|
|
67
67
|
return decrypted_doc.to_xml.squish
|
|
68
68
|
end
|
|
69
69
|
end
|
|
70
70
|
return decoded_saml
|
|
71
71
|
end
|
|
72
|
-
|
|
72
|
+
|
|
73
73
|
def decode_raw_saml(saml)
|
|
74
74
|
if saml =~ /^</
|
|
75
75
|
return saml
|
data/lib/samlsso/version.rb
CHANGED
data/lib/xml_security.rb
CHANGED
|
@@ -208,7 +208,8 @@ module XMLSecurity
|
|
|
208
208
|
end
|
|
209
209
|
|
|
210
210
|
# verify signature
|
|
211
|
-
signed_info_element
|
|
211
|
+
signed_info_element = REXML::XPath.first(@sig_element, "//ds:SignedInfo", {"ds"=>DSIG})
|
|
212
|
+
signed_info_element = REXML::XPath.first(@sig_element, "//ds:SignedInfo") unless signed_info_element
|
|
212
213
|
noko_sig_element = document.at_xpath('//ds:Signature', 'ds' => DSIG)
|
|
213
214
|
noko_signed_info_element = noko_sig_element.at_xpath('./ds:SignedInfo', 'ds' => DSIG)
|
|
214
215
|
canon_algorithm = canon_algorithm REXML::XPath.first(@sig_element, '//ds:CanonicalizationMethod', 'ds' => DSIG)
|
|
@@ -216,33 +217,66 @@ module XMLSecurity
|
|
|
216
217
|
noko_sig_element.remove
|
|
217
218
|
|
|
218
219
|
# check digests
|
|
219
|
-
REXML::XPath.
|
|
220
|
-
|
|
220
|
+
if REXML::XPath.first(@sig_element, "//ds:Reference", {"ds"=>DSIG})
|
|
221
|
+
REXML::XPath.each(@sig_element, "//ds:Reference", {"ds"=>DSIG}) do |ref|
|
|
222
|
+
uri = ref.attributes.get_attribute("URI").value
|
|
221
223
|
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
224
|
+
hashed_element = document.at_xpath("//*[@ID='#{uri[1..-1]}']")
|
|
225
|
+
canon_algorithm = canon_algorithm REXML::XPath.first(ref, '//ds:CanonicalizationMethod', 'ds' => DSIG)
|
|
226
|
+
canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
|
|
225
227
|
|
|
226
|
-
|
|
228
|
+
digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod", 'ds' => DSIG)
|
|
229
|
+
digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod") unless digest_algorithm_str
|
|
230
|
+
digest_algorithm = algorithm(digest_algorithm_str)
|
|
227
231
|
|
|
228
|
-
|
|
229
|
-
digest_value = Base64.decode64(REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG}).text)
|
|
232
|
+
hash = digest_algorithm.digest(canon_hashed_element)
|
|
230
233
|
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
+
base64_digest = REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG})
|
|
235
|
+
base64_digest = REXML::XPath.first(ref, "//ds:DigestValue") unless base64_digest
|
|
236
|
+
digest_value = Base64.decode64(base64_digest.text)
|
|
237
|
+
|
|
238
|
+
unless digests_match?(hash, digest_value)
|
|
239
|
+
@errors << "Digest mismatch"
|
|
240
|
+
return soft ? false : (raise Samlsso::ValidationError.new("Digest mismatch"))
|
|
241
|
+
end
|
|
242
|
+
end
|
|
243
|
+
else
|
|
244
|
+
REXML::XPath.each(@sig_element, "//ds:Reference") do |ref|
|
|
245
|
+
uri = ref.attributes.get_attribute("URI").value
|
|
246
|
+
|
|
247
|
+
hashed_element = document.at_xpath("//*[@ID='#{uri[1..-1]}']")
|
|
248
|
+
canon_algorithm = canon_algorithm REXML::XPath.first(ref, '//ds:CanonicalizationMethod', 'ds' => DSIG)
|
|
249
|
+
canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
|
|
250
|
+
|
|
251
|
+
digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod", 'ds' => DSIG)
|
|
252
|
+
digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod") unless digest_algorithm_str
|
|
253
|
+
digest_algorithm = algorithm(digest_algorithm_str)
|
|
254
|
+
|
|
255
|
+
hash = digest_algorithm.digest(canon_hashed_element)
|
|
256
|
+
|
|
257
|
+
base64_digest = REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG})
|
|
258
|
+
base64_digest = REXML::XPath.first(ref, "//ds:DigestValue") unless base64_digest
|
|
259
|
+
digest_value = Base64.decode64(base64_digest.text)
|
|
260
|
+
|
|
261
|
+
unless digests_match?(hash, digest_value)
|
|
262
|
+
@errors << "Digest mismatch"
|
|
263
|
+
return soft ? false : (raise Samlsso::ValidationError.new("Digest mismatch"))
|
|
264
|
+
end
|
|
234
265
|
end
|
|
235
266
|
end
|
|
236
267
|
|
|
237
|
-
base64_signature = REXML::XPath.first(@sig_element, "//ds:SignatureValue", {"ds"=>DSIG})
|
|
238
|
-
|
|
268
|
+
base64_signature = REXML::XPath.first(@sig_element, "//ds:SignatureValue", {"ds"=>DSIG})
|
|
269
|
+
base64_signature = REXML::XPath.first(@sig_element, "//ds:SignatureValue") unless base64_signature
|
|
270
|
+
signature = Base64.decode64(base64_signature.text)
|
|
239
271
|
|
|
240
272
|
# get certificate object
|
|
241
273
|
cert_text = Base64.decode64(base64_cert)
|
|
242
274
|
cert = OpenSSL::X509::Certificate.new(cert_text)
|
|
243
275
|
|
|
244
276
|
# signature method
|
|
245
|
-
|
|
277
|
+
signature_method = REXML::XPath.first(signed_info_element, "//ds:SignatureMethod", {"ds"=>DSIG})
|
|
278
|
+
signature_method = REXML::XPath.first(signed_info_element, "//ds:SignatureMethod") unless signature_method
|
|
279
|
+
signature_algorithm = algorithm(signature_method)
|
|
246
280
|
|
|
247
281
|
unless cert.public_key.verify(signature_algorithm.new, signature, canon_string)
|
|
248
282
|
@errors << "Key validation error"
|
|
@@ -273,4 +307,4 @@ module XMLSecurity
|
|
|
273
307
|
end
|
|
274
308
|
|
|
275
309
|
end
|
|
276
|
-
end
|
|
310
|
+
end
|
data/samlsso-0.1.4.gem
ADDED
|
Binary file
|
data/samlsso-0.1.5.gem
ADDED
|
Binary file
|
data/samlsso-0.1.6.gem
ADDED
|
Binary file
|
data/samlsso-0.1.7.gem
ADDED
|
Binary file
|
data/samlsso.gemspec
CHANGED
|
@@ -29,16 +29,9 @@ Gem::Specification.new do |spec|
|
|
|
29
29
|
|
|
30
30
|
spec.add_runtime_dependency("uuid", ["~> 2.3"])
|
|
31
31
|
spec.add_runtime_dependency("xmlenc", ["~> 0.6.4"])
|
|
32
|
-
|
|
33
|
-
# 1.8.7
|
|
34
|
-
spec.add_runtime_dependency('nokogiri', '~> 1.6.0')
|
|
35
|
-
spec.add_development_dependency('timecop', '<= 0.6.0')
|
|
36
|
-
else
|
|
37
|
-
spec.add_runtime_dependency('nokogiri', '~> 1.6.0')
|
|
38
|
-
spec.add_development_dependency('timecop', '~> 0.7.2')
|
|
39
|
-
end
|
|
40
|
-
|
|
32
|
+
spec.add_runtime_dependency('nokogiri', '~> 1.10.8')
|
|
41
33
|
|
|
42
|
-
spec.add_development_dependency "bundler", "~> 1.
|
|
43
|
-
spec.add_development_dependency "rake", "~>
|
|
34
|
+
spec.add_development_dependency "bundler", "~> 2.1.2"
|
|
35
|
+
spec.add_development_dependency "rake", "~> 12.3.3"
|
|
36
|
+
spec.add_development_dependency "nokogiri", ">= 1.10.8"
|
|
44
37
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: samlsso
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Siddhartha Mukherjee
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-06-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: uuid
|
|
@@ -44,56 +44,56 @@ dependencies:
|
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: 1.
|
|
47
|
+
version: 1.10.8
|
|
48
48
|
type: :runtime
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: 1.
|
|
54
|
+
version: 1.10.8
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
|
-
name:
|
|
56
|
+
name: bundler
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
59
|
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version:
|
|
61
|
+
version: 2.1.2
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version:
|
|
68
|
+
version: 2.1.2
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
|
-
name:
|
|
70
|
+
name: rake
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
72
72
|
requirements:
|
|
73
73
|
- - "~>"
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version:
|
|
75
|
+
version: 12.3.3
|
|
76
76
|
type: :development
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
80
|
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version:
|
|
82
|
+
version: 12.3.3
|
|
83
83
|
- !ruby/object:Gem::Dependency
|
|
84
|
-
name:
|
|
84
|
+
name: nokogiri
|
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
|
86
86
|
requirements:
|
|
87
|
-
- - "
|
|
87
|
+
- - ">="
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version:
|
|
89
|
+
version: 1.10.8
|
|
90
90
|
type: :development
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
|
-
- - "
|
|
94
|
+
- - ">="
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version:
|
|
96
|
+
version: 1.10.8
|
|
97
97
|
description: SAML SSO for Ruby
|
|
98
98
|
email:
|
|
99
99
|
- mukherjee.siddhartha@gmail.com
|
|
@@ -139,6 +139,10 @@ files:
|
|
|
139
139
|
- lib/schemas/xml.xsd
|
|
140
140
|
- lib/schemas/xmldsig-core-schema.xsd
|
|
141
141
|
- lib/xml_security.rb
|
|
142
|
+
- samlsso-0.1.4.gem
|
|
143
|
+
- samlsso-0.1.5.gem
|
|
144
|
+
- samlsso-0.1.6.gem
|
|
145
|
+
- samlsso-0.1.7.gem
|
|
142
146
|
- samlsso.gemspec
|
|
143
147
|
homepage: https://github.com/siddhartham/samlsso
|
|
144
148
|
licenses:
|
|
@@ -160,8 +164,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
160
164
|
- !ruby/object:Gem::Version
|
|
161
165
|
version: '0'
|
|
162
166
|
requirements: []
|
|
163
|
-
|
|
164
|
-
rubygems_version: 2.5.1
|
|
167
|
+
rubygems_version: 3.1.2
|
|
165
168
|
signing_key:
|
|
166
169
|
specification_version: 4
|
|
167
170
|
summary: SAML SSO for Ruby
|