samlsso 0.1.4 → 0.1.9

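--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: c4726e197c2a864889bce4358e93bdd5b7df30fb
- data.tar.gz: 11171ba18c677689f9eb6a872c61a16760de99a4
+ SHA256:
+ metadata.gz: 567792966ad8b41b2b5f1d29a33c63b2e005b42b31f3c270ebf443fe0b131ee6
+ data.tar.gz: 4973e6f287663dc65d8c48c1381ca1a6f524c3089b790ad3a52f8598266cf266
  SHA512:
- metadata.gz: f9025569164d30991dbcc92a68b14ac1b3039a13f196947c4bb55b191a9a1480d6fbefe3bba859f2aa0fd3bd9df660111814da9d6c39cf3cb73deb0726e2e9ea
- data.tar.gz: 506f296e5c1d651bec2ed9dcabad771ba231d27baea38700fd0873256ca537c365263fff569c6c81225dd3c3d7ed75ad65c29383e426f03775878189b27fffa6
+ metadata.gz: 60e7d2e2f9a5847d5b7d8427ad8f1246440b4bbb577f41f30fd05a0f62bc485519dab5da0646e2ea7799ac79e48594eafa331b38f30e6dd7b36324b052d37114
+ data.tar.gz: d2a1e81a0d4fc46ad53b8dc17516c1fa250942e46bebbac32f093aebffdfa3896c8f92091e868603f90bed19d6f2249057ba9c6833db9ad7013c51375d383ba7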
@@ -1,3 +1,3 @@
1
1
  module Samlsso
2
- VERSION = "0.1.4"
2
+ VERSION = "0.1.9"
3
3
  end
@@ -208,7 +208,8 @@ module XMLSecurity
208
208
  end
209
209
 
210
210
  # verify signature
211
- signed_info_element = REXML::XPath.first(@sig_element, "//ds:SignedInfo", {"ds"=>DSIG})
211
+ signed_info_element = REXML::XPath.first(@sig_element, "//ds:SignedInfo", {"ds"=>DSIG})
212
+ signed_info_element = REXML::XPath.first(@sig_element, "//ds:SignedInfo") unless signed_info_element
212
213
  noko_sig_element = document.at_xpath('//ds:Signature', 'ds' => DSIG)
213
214
  noko_signed_info_element = noko_sig_element.at_xpath('./ds:SignedInfo', 'ds' => DSIG)
214
215
  canon_algorithm = canon_algorithm REXML::XPath.first(@sig_element, '//ds:CanonicalizationMethod', 'ds' => DSIG)
@@ -216,33 +217,66 @@ module XMLSecurity
216
217
  noko_sig_element.remove
217
218
 
218
219
  # check digests
219
- REXML::XPath.each(@sig_element, "//ds:Reference", {"ds"=>DSIG}) do |ref|
220
- uri = ref.attributes.get_attribute("URI").value
220
+ if REXML::XPath.first(@sig_element, "//ds:Reference", {"ds"=>DSIG})
221
+ REXML::XPath.each(@sig_element, "//ds:Reference", {"ds"=>DSIG}) do |ref|
222
+ uri = ref.attributes.get_attribute("URI").value
221
223
 
222
- hashed_element = document.at_xpath("//*[@ID='#{uri[1..-1]}']")
223
- canon_algorithm = canon_algorithm REXML::XPath.first(ref, '//ds:CanonicalizationMethod', 'ds' => DSIG)
224
- canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
224
+ hashed_element = document.at_xpath("//*[@ID='#{uri[1..-1]}']")
225
+ canon_algorithm = canon_algorithm REXML::XPath.first(ref, '//ds:CanonicalizationMethod', 'ds' => DSIG)
226
+ canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
225
227
 
226
- digest_algorithm = algorithm(REXML::XPath.first(ref, "//ds:DigestMethod", 'ds' => DSIG))
228
+ digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod", 'ds' => DSIG)
229
+ digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod") unless digest_algorithm_str
230
+ digest_algorithm = algorithm(digest_algorithm_str)
227
231
 
228
- hash = digest_algorithm.digest(canon_hashed_element)
229
- digest_value = Base64.decode64(REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG}).text)
232
+ hash = digest_algorithm.digest(canon_hashed_element)
230
233
 
231
- unless digests_match?(hash, digest_value)
232
- @errors << "Digest mismatch"
233
- return soft ? false : (raise Samlsso::ValidationError.new("Digest mismatch"))
234
+ base64_digest = REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG})
235
+ base64_digest = REXML::XPath.first(ref, "//ds:DigestValue") unless base64_digest
236
+ digest_value = Base64.decode64(base64_digest.text)
237
+
238
+ unless digests_match?(hash, digest_value)
239
+ @errors << "Digest mismatch"
240
+ return soft ? false : (raise Samlsso::ValidationError.new("Digest mismatch"))
241
+ end
242
+ end
243
+ else
244
+ REXML::XPath.each(@sig_element, "//ds:Reference") do |ref|
245
+ uri = ref.attributes.get_attribute("URI").value
246
+
247
+ hashed_element = document.at_xpath("//*[@ID='#{uri[1..-1]}']")
248
+ canon_algorithm = canon_algorithm REXML::XPath.first(ref, '//ds:CanonicalizationMethod', 'ds' => DSIG)
249
+ canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
250
+
251
+ digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod", 'ds' => DSIG)
252
+ digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod") unless digest_algorithm_str
253
+ digest_algorithm = algorithm(digest_algorithm_str)
254
+
255
+ hash = digest_algorithm.digest(canon_hashed_element)
256
+
257
+ base64_digest = REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG})
258
+ base64_digest = REXML::XPath.first(ref, "//ds:DigestValue") unless base64_digest
259
+ digest_value = Base64.decode64(base64_digest.text)
260
+
261
+ unless digests_match?(hash, digest_value)
262
+ @errors << "Digest mismatch"
263
+ return soft ? false : (raise Samlsso::ValidationError.new("Digest mismatch"))
264
+ end
234
265
  end
235
266
  end
236
267
 
237
- base64_signature = REXML::XPath.first(@sig_element, "//ds:SignatureValue", {"ds"=>DSIG}).text
238
- signature = Base64.decode64(base64_signature)
268
+ base64_signature = REXML::XPath.first(@sig_element, "//ds:SignatureValue", {"ds"=>DSIG})
269
+ base64_signature = REXML::XPath.first(@sig_element, "//ds:SignatureValue") unless base64_signature
270
+ signature = Base64.decode64(base64_signature.text)
239
271
 
240
272
  # get certificate object
241
273
  cert_text = Base64.decode64(base64_cert)
242
274
  cert = OpenSSL::X509::Certificate.new(cert_text)
243
275
 
244
276
  # signature method
245
- signature_algorithm = algorithm(REXML::XPath.first(signed_info_element, "//ds:SignatureMethod", {"ds"=>DSIG}))
277
+ signature_method = REXML::XPath.first(signed_info_element, "//ds:SignatureMethod", {"ds"=>DSIG})
278
+ signature_method = REXML::XPath.first(signed_info_element, "//ds:SignatureMethod") unless signature_method
279
+ signature_algorithm = algorithm(signature_method)
246
280
 
247
281
  unless cert.public_key.verify(signature_algorithm.new, signature, canon_string)
248
282
  @errors << "Key validation error"
@@ -273,4 +307,4 @@ module XMLSecurity
273
307
  end
274
308
 
275
309
  end
276
- end
310
+ end
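Review bot: The prefix-only fallbacks added in the `# verify signature` and `# check digests` hunks (`"//ds:SignedInfo"`, `"//ds:Reference"`, `"//ds:DigestMethod"`, `"//ds:DigestValue"`, `"//ds:SignatureValue"`, `"//ds:SignatureMethod"` without the `{"ds"=>DSIG}` map) make verification accept elements matched by the literal `ds` prefix rather than by the XML-DSig namespace URI; as far as I know REXML then resolves the prefix from whatever the document itself declares, so the sender controls what qualifies. The Nokogiri lookups beside them still pass `'ds' => DSIG`, so the two parsers can end up reading different elements, and `canon_string` (computed outside the visible lines) presumably comes from the Nokogiri side. When neither form matches, `base64_digest.text` and `base64_signature.text` raise NoMethodError on nil instead of recording a validation error, and a document with no matching `ds:Reference` runs neither loop body, so no digest is checked before the signature step. I would drop the fallbacks and fail closed when a DSIG-qualified lookup returns nil, e.g. `return soft ? false : (raise Samlsso::ValidationError.new("Missing ds:SignatureValue"))`, and fold the two identical loop bodies into one. The enclosing method starts and ends outside these hunks.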
Binary file
Binary file
Binary file
Binary file
Binary file
@@ -31,10 +31,10 @@ Gem::Specification.new do |spec|
31
31
  spec.add_runtime_dependency("xmlenc", ["~> 0.6.4"])
32
32
  if RUBY_VERSION < '1.9'
33
33
  # 1.8.7
34
- spec.add_runtime_dependency('nokogiri', '~> 1.6.0')
34
+ spec.add_runtime_dependency('nokogiri', '~> 1.8.5')
35
35
  spec.add_development_dependency('timecop', '<= 0.6.0')
36
36
  else
37
- spec.add_runtime_dependency('nokogiri', '~> 1.6.0')
37
+ spec.add_runtime_dependency('nokogiri', '~> 1.8.5')
38
38
  spec.add_development_dependency('timecop', '~> 0.7.2')
39
39
  end
40
40
 
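--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: samlsso
  version: !ruby/object:Gem::Version
- version: 0.1.4
+ version: 0.1.9
  platform: ruby
  authors:
  - Siddhartha Mukherjee
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2016-09-23 00:00:00.000000000 Z
+ date: 2020-06-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: uuid
@@ -44,14 +44,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.6.0
+ version: 1.8.5
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.6.0
+ version: 1.8.5
  - !ruby/object:Gem::Dependency
  name: timecop
  requirement: !ruby/object:Gem::Requirement
@@ -139,6 +139,11 @@ files:
  - lib/schemas/xml.xsd
  - lib/schemas/xmldsig-core-schema.xsd
  - lib/xml_security.rb
+ - samlsso-0.1.4.gem
+ - samlsso-0.1.5.gem
+ - samlsso-0.1.6.gem
+ - samlsso-0.1.7.gem
+ - samlsso-0.1.8.gem
  - samlsso.gemspec
  homepage: https://github.com/siddhartham/samlsso
  licenses:
@@ -160,8 +165,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.5.1
+ rubygems_version: 3.1.2
  signing_key:
  specification_version: 4
  summary: SAML SSO for Ruby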