samlsso 0.1.4 → 0.1.9
- checksums.yaml +5 -5
- data/lib/samlsso/version.rb +1 -1
- data/lib/xml_security.rb +50 -16
- data/samlsso-0.1.4.gem +0 -0
- data/samlsso-0.1.5.gem +0 -0
- data/samlsso-0.1.6.gem +0 -0
- data/samlsso-0.1.7.gem +0 -0
- data/samlsso-0.1.8.gem +0 -0
- data/samlsso.gemspec +2 -2
- metadata +10 -6
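--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 567792966ad8b41b2b5f1d29a33c63b2e005b42b31f3c270ebf443fe0b131ee6
+data.tar.gz: 4973e6f287663dc65d8c48c1381ca1a6f524c3089b790ad3a52f8598266cf266
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 60e7d2e2f9a5847d5b7d8427ad8f1246440b4bbb577f41f30fd05a0f62bc485519dab5da0646e2ea7799ac79e48594eafa331b38f30e6dd7b36324b052d37114
+data.tar.gz: d2a1e81a0d4fc46ad53b8dc17516c1fa250942e46bebbac32f093aebffdfa3896c8f92091e868603f90bed19d6f2249057ba9c6833db9ad7013c51375d383ba7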
data/lib/samlsso/version.rb
CHANGED
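--- a/data/lib/xml_security.rb
+++ b/data/lib/xml_security.rb
@@ -208,7 +208,8 @@ module XMLSecurity
 end
 
 # verify signature
-signed_info_element
+signed_info_element = REXML::XPath.first(@sig_element, "//ds:SignedInfo", {"ds"=>DSIG})
+signed_info_element = REXML::XPath.first(@sig_element, "//ds:SignedInfo") unless signed_info_element
 noko_sig_element = document.at_xpath('//ds:Signature', 'ds' => DSIG)
 noko_signed_info_element = noko_sig_element.at_xpath('./ds:SignedInfo', 'ds' => DSIG)
 canon_algorithm = canon_algorithm REXML::XPath.first(@sig_element, '//ds:CanonicalizationMethod', 'ds' => DSIG)
@@ -216,33 +217,66 @@ module XMLSecurity
 noko_sig_element.remove
 
 # check digests
-REXML::XPath.
-
+if REXML::XPath.first(@sig_element, "//ds:Reference", {"ds"=>DSIG})
+REXML::XPath.each(@sig_element, "//ds:Reference", {"ds"=>DSIG}) do |ref|
+uri = ref.attributes.get_attribute("URI").value
 
-
-
-
+hashed_element = document.at_xpath("//*[@ID='#{uri[1..-1]}']")
+canon_algorithm = canon_algorithm REXML::XPath.first(ref, '//ds:CanonicalizationMethod', 'ds' => DSIG)
+canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
 
-
+digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod", 'ds' => DSIG)
+digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod") unless digest_algorithm_str
+digest_algorithm = algorithm(digest_algorithm_str)
 
-
-digest_value = Base64.decode64(REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG}).text)
+hash = digest_algorithm.digest(canon_hashed_element)
 
-
-
-
+base64_digest = REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG})
+base64_digest = REXML::XPath.first(ref, "//ds:DigestValue") unless base64_digest
+digest_value = Base64.decode64(base64_digest.text)
+
+unless digests_match?(hash, digest_value)
+@errors << "Digest mismatch"
+return soft ? false : (raise Samlsso::ValidationError.new("Digest mismatch"))
+end
+end
+else
+REXML::XPath.each(@sig_element, "//ds:Reference") do |ref|
+uri = ref.attributes.get_attribute("URI").value
+
+hashed_element = document.at_xpath("//*[@ID='#{uri[1..-1]}']")
+canon_algorithm = canon_algorithm REXML::XPath.first(ref, '//ds:CanonicalizationMethod', 'ds' => DSIG)
+canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
+
+digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod", 'ds' => DSIG)
+digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod") unless digest_algorithm_str
+digest_algorithm = algorithm(digest_algorithm_str)
+
+hash = digest_algorithm.digest(canon_hashed_element)
+
+base64_digest = REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG})
+base64_digest = REXML::XPath.first(ref, "//ds:DigestValue") unless base64_digest
+digest_value = Base64.decode64(base64_digest.text)
+
+unless digests_match?(hash, digest_value)
+@errors << "Digest mismatch"
+return soft ? false : (raise Samlsso::ValidationError.new("Digest mismatch"))
+end
 end
 end
 
-base64_signature = REXML::XPath.first(@sig_element, "//ds:SignatureValue", {"ds"=>DSIG})
-
+base64_signature = REXML::XPath.first(@sig_element, "//ds:SignatureValue", {"ds"=>DSIG})
+base64_signature = REXML::XPath.first(@sig_element, "//ds:SignatureValue") unless base64_signature
+signature = Base64.decode64(base64_signature.text)
 
 # get certificate object
 cert_text = Base64.decode64(base64_cert)
 cert = OpenSSL::X509::Certificate.new(cert_text)
 
 # signature method
-
+signature_method = REXML::XPath.first(signed_info_element, "//ds:SignatureMethod", {"ds"=>DSIG})
+signature_method = REXML::XPath.first(signed_info_element, "//ds:SignatureMethod") unless signature_method
+signature_algorithm = algorithm(signature_method)
 
 unless cert.public_key.verify(signature_algorithm.new, signature, canon_string)
 @errors << "Key validation error"
@@ -273,4 +307,4 @@ module XMLSecurity
 end
 
 end
-end
+end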
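Review bot: The namespace-less fallbacks added in the first two hunks (`REXML::XPath.first(@sig_element, "//ds:SignedInfo") unless signed_info_element`, repeated for Reference, DigestMethod, DigestValue, SignatureValue and SignatureMethod) drop the `{"ds"=>DSIG}` binding, so they appear to accept elements whose `ds` prefix is whatever the incoming document declares rather than the XML-DSig namespace; in a signature validator a missing namespaced element should be a validation error, not a retry with a weaker match. Removing the fallbacks also removes the duplicated `else` branch, which differs from the `if` branch only in that binding. In the loop itself, `uri` is document-supplied yet interpolated into `document.at_xpath("//*[@ID='#{uri[1..-1]}']")`, the result is used without a nil check, and by XPath semantics the `//ds:DigestMethod` and `//ds:DigestValue` lookups run from the document root rather than relative to `ref`, so each Reference may be compared against the first digest in the document. The fence sketches one tightened loop; the enclosing method begins and ends outside the visible hunks, so `soft`, `algorithm` and `inclusive_namespaces` are assumed to behave as in the current code.

```ruby
# check digests
REXML::XPath.each(@sig_element, "//ds:Reference", {"ds"=>DSIG}) do |ref|
  uri_attr = ref.attributes.get_attribute("URI")
  ref_id = uri_attr ? uri_attr.value.to_s.sub(/\A#/, '') : nil
  # bind the ID as an XPath variable instead of interpolating document-supplied text
  hashed_element = ref_id && document.at_xpath("//*[@ID=$id]", nil, { 'id' => ref_id })
  digest_method = REXML::XPath.first(ref, "./ds:DigestMethod", {"ds"=>DSIG})
  base64_digest = REXML::XPath.first(ref, "./ds:DigestValue", {"ds"=>DSIG})
  if hashed_element.nil? || digest_method.nil? || base64_digest.nil?
    @errors << "Digest mismatch"
    return soft ? false : (raise Samlsso::ValidationError.new("Digest mismatch"))
  end
  # … unchanged: canonicalize hashed_element, compute hash via algorithm(digest_method) …
  # … unchanged: decode base64_digest.text and compare with digests_match? …
end
```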
data/samlsso-0.1.4.gem
ADDED
Binary file
|
data/samlsso-0.1.5.gem
ADDED
Binary file
|
data/samlsso-0.1.6.gem
ADDED
Binary file
|
data/samlsso-0.1.7.gem
ADDED
Binary file
|
data/samlsso-0.1.8.gem
ADDED
Binary file
|
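--- a/data/samlsso.gemspec
+++ b/data/samlsso.gemspec
@@ -31,10 +31,10 @@ Gem::Specification.new do |spec|
 spec.add_runtime_dependency("xmlenc", ["~> 0.6.4"])
 if RUBY_VERSION < '1.9'
 # 1.8.7
-spec.add_runtime_dependency('nokogiri', '~> 1.
+spec.add_runtime_dependency('nokogiri', '~> 1.8.5')
 spec.add_development_dependency('timecop', '<= 0.6.0')
 else
-spec.add_runtime_dependency('nokogiri', '~> 1.
+spec.add_runtime_dependency('nokogiri', '~> 1.8.5')
 spec.add_development_dependency('timecop', '~> 0.7.2')
 end
 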
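Review bot: The constraint `'~> 1.8.5'` on both nokogiri lines resolves to `>= 1.8.5, < 1.9`, which holds every consumer of this gem on the 1.8 series and out of reach of later nokogiri and bundled libxml2 security releases, a real concern for a library that parses untrusted SAML XML. A floor with a wider ceiling, for example `spec.add_runtime_dependency('nokogiri', '>= 1.8.5', '< 2')`, would let applications pick up fixes, provided the signature code is tested against the newer releases. Both branches of the `RUBY_VERSION` conditional now carry the same nokogiri line, so it could be hoisted above the `if`. The previous constraint is truncated on this page and the `Gem::Specification` block starts and ends outside the hunk, so whether this change narrows or widens the old range cannot be confirmed from here.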
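--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: samlsso
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.9
 platform: ruby
 authors:
 - Siddhartha Mukherjee
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2020-06-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: uuid
@@ -44,14 +44,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.8.5
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.8.5
 - !ruby/object:Gem::Dependency
 name: timecop
 requirement: !ruby/object:Gem::Requirement
@@ -139,6 +139,11 @@ files:
 - lib/schemas/xml.xsd
 - lib/schemas/xmldsig-core-schema.xsd
 - lib/xml_security.rb
+- samlsso-0.1.4.gem
+- samlsso-0.1.5.gem
+- samlsso-0.1.6.gem
+- samlsso-0.1.7.gem
+- samlsso-0.1.8.gem
 - samlsso.gemspec
 homepage: https://github.com/siddhartham/samlsso
 licenses:
@@ -160,8 +165,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.5.1
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: SAML SSO for Ruby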