samlsso 0.1.4 → 0.1.9

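--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: c4726e197c2a864889bce4358e93bdd5b7df30fb
- data.tar.gz: 11171ba18c677689f9eb6a872c61a16760de99a4
+ SHA256:
+ metadata.gz: 567792966ad8b41b2b5f1d29a33c63b2e005b42b31f3c270ebf443fe0b131ee6
+ data.tar.gz: 4973e6f287663dc65d8c48c1381ca1a6f524c3089b790ad3a52f8598266cf266
  SHA512:
- metadata.gz: f9025569164d30991dbcc92a68b14ac1b3039a13f196947c4bb55b191a9a1480d6fbefe3bba859f2aa0fd3bd9df660111814da9d6c39cf3cb73deb0726e2e9ea
- data.tar.gz: 506f296e5c1d651bec2ed9dcabad771ba231d27baea38700fd0873256ca537c365263fff569c6c81225dd3c3d7ed75ad65c29383e426f03775878189b27fffa6
+ metadata.gz: 60e7d2e2f9a5847d5b7d8427ad8f1246440b4bbb577f41f30fd05a0f62bc485519dab5da0646e2ea7799ac79e48594eafa331b38f30e6dd7b36324b052d37114
+ data.tar.gz: d2a1e81a0d4fc46ad53b8dc17516c1fa250942e46bebbac32f093aebffdfa3896c8f92091e868603f90bed19d6f2249057ba9c6833db9ad7013c51375d383ba7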
@@ -1,3 +1,3 @@
1
1
  module Samlsso
2
- VERSION = "0.1.4"
2
+ VERSION = "0.1.9"
3
3
  end
@@ -208,7 +208,8 @@ module XMLSecurity
208
208
  end
209
209
 
210
210
  # verify signature
211
- signed_info_element = REXML::XPath.first(@sig_element, "//ds:SignedInfo", {"ds"=>DSIG})
211
+ signed_info_element = REXML::XPath.first(@sig_element, "//ds:SignedInfo", {"ds"=>DSIG})
212
+ signed_info_element = REXML::XPath.first(@sig_element, "//ds:SignedInfo") unless signed_info_element
212
213
  noko_sig_element = document.at_xpath('//ds:Signature', 'ds' => DSIG)
213
214
  noko_signed_info_element = noko_sig_element.at_xpath('./ds:SignedInfo', 'ds' => DSIG)
214
215
  canon_algorithm = canon_algorithm REXML::XPath.first(@sig_element, '//ds:CanonicalizationMethod', 'ds' => DSIG)
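Review bot: The added fallback `REXML::XPath.first(@sig_element, "//ds:SignedInfo") unless signed_info_element` queries `ds:SignedInfo` without the `{"ds"=>DSIG}` mapping, so, as far as REXML resolves unmapped prefixes from the document itself, the meaning of `ds` is left to the message being verified instead of being pinned to the XML-DSig namespace. The next hunk repeats the same pattern for `ds:Reference`, `ds:DigestMethod`, `ds:DigestValue`, `ds:SignatureValue` and `ds:SignatureMethod`. Signature validation should fail closed here: when the namespaced lookup finds nothing, push an error onto `@errors` and return through the `soft` path, as the digest check does, instead of retrying with a weaker query. The Nokogiri lookups on the following lines still require DSIG, so a document that matches only through the fallback would presumably leave `noko_sig_element` or `noko_signed_info_element` nil and end in NoMethodError, not `Samlsso::ValidationError`. The enclosing method starts and ends outside this hunk.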
@@ -216,33 +217,66 @@ module XMLSecurity
216
217
  noko_sig_element.remove
217
218
 
218
219
  # check digests
219
- REXML::XPath.each(@sig_element, "//ds:Reference", {"ds"=>DSIG}) do |ref|
220
- uri = ref.attributes.get_attribute("URI").value
220
+ if REXML::XPath.first(@sig_element, "//ds:Reference", {"ds"=>DSIG})
221
+ REXML::XPath.each(@sig_element, "//ds:Reference", {"ds"=>DSIG}) do |ref|
222
+ uri = ref.attributes.get_attribute("URI").value
221
223
 
222
- hashed_element = document.at_xpath("//*[@ID='#{uri[1..-1]}']")
223
- canon_algorithm = canon_algorithm REXML::XPath.first(ref, '//ds:CanonicalizationMethod', 'ds' => DSIG)
224
- canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
224
+ hashed_element = document.at_xpath("//*[@ID='#{uri[1..-1]}']")
225
+ canon_algorithm = canon_algorithm REXML::XPath.first(ref, '//ds:CanonicalizationMethod', 'ds' => DSIG)
226
+ canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
225
227
 
226
- digest_algorithm = algorithm(REXML::XPath.first(ref, "//ds:DigestMethod", 'ds' => DSIG))
228
+ digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod", 'ds' => DSIG)
229
+ digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod") unless digest_algorithm_str
230
+ digest_algorithm = algorithm(digest_algorithm_str)
227
231
 
228
- hash = digest_algorithm.digest(canon_hashed_element)
229
- digest_value = Base64.decode64(REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG}).text)
232
+ hash = digest_algorithm.digest(canon_hashed_element)
230
233
 
231
- unless digests_match?(hash, digest_value)
232
- @errors << "Digest mismatch"
233
- return soft ? false : (raise Samlsso::ValidationError.new("Digest mismatch"))
234
+ base64_digest = REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG})
235
+ base64_digest = REXML::XPath.first(ref, "//ds:DigestValue") unless base64_digest
236
+ digest_value = Base64.decode64(base64_digest.text)
237
+
238
+ unless digests_match?(hash, digest_value)
239
+ @errors << "Digest mismatch"
240
+ return soft ? false : (raise Samlsso::ValidationError.new("Digest mismatch"))
241
+ end
242
+ end
243
+ else
244
+ REXML::XPath.each(@sig_element, "//ds:Reference") do |ref|
245
+ uri = ref.attributes.get_attribute("URI").value
246
+
247
+ hashed_element = document.at_xpath("//*[@ID='#{uri[1..-1]}']")
248
+ canon_algorithm = canon_algorithm REXML::XPath.first(ref, '//ds:CanonicalizationMethod', 'ds' => DSIG)
249
+ canon_hashed_element = hashed_element.canonicalize(canon_algorithm, inclusive_namespaces)
250
+
251
+ digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod", 'ds' => DSIG)
252
+ digest_algorithm_str = REXML::XPath.first(ref, "//ds:DigestMethod") unless digest_algorithm_str
253
+ digest_algorithm = algorithm(digest_algorithm_str)
254
+
255
+ hash = digest_algorithm.digest(canon_hashed_element)
256
+
257
+ base64_digest = REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG})
258
+ base64_digest = REXML::XPath.first(ref, "//ds:DigestValue") unless base64_digest
259
+ digest_value = Base64.decode64(base64_digest.text)
260
+
261
+ unless digests_match?(hash, digest_value)
262
+ @errors << "Digest mismatch"
263
+ return soft ? false : (raise Samlsso::ValidationError.new("Digest mismatch"))
264
+ end
234
265
  end
235
266
  end
236
267
 
237
- base64_signature = REXML::XPath.first(@sig_element, "//ds:SignatureValue", {"ds"=>DSIG}).text
238
- signature = Base64.decode64(base64_signature)
268
+ base64_signature = REXML::XPath.first(@sig_element, "//ds:SignatureValue", {"ds"=>DSIG})
269
+ base64_signature = REXML::XPath.first(@sig_element, "//ds:SignatureValue") unless base64_signature
270
+ signature = Base64.decode64(base64_signature.text)
239
271
 
240
272
  # get certificate object
241
273
  cert_text = Base64.decode64(base64_cert)
242
274
  cert = OpenSSL::X509::Certificate.new(cert_text)
243
275
 
244
276
  # signature method
245
- signature_algorithm = algorithm(REXML::XPath.first(signed_info_element, "//ds:SignatureMethod", {"ds"=>DSIG}))
277
+ signature_method = REXML::XPath.first(signed_info_element, "//ds:SignatureMethod", {"ds"=>DSIG})
278
+ signature_method = REXML::XPath.first(signed_info_element, "//ds:SignatureMethod") unless signature_method
279
+ signature_algorithm = algorithm(signature_method)
246
280
 
247
281
  unless cert.public_key.verify(signature_algorithm.new, signature, canon_string)
248
282
  @errors << "Key validation error"
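Review bot: The new `if`/`else` around the digest check duplicates the whole loop body; the two branches differ only in whether `REXML::XPath.each` receives `{"ds"=>DSIG}`, so any later fix to the digest comparison has to be made twice and the copies can drift apart. Selecting the references once and running a single loop keeps one copy of the security-critical comparison. Both copies also call `base64_digest.text` (and, after the loop, `base64_signature.text`) without checking that either lookup matched, so a response missing those elements raises NoMethodError instead of going through `@errors` and the `soft` return. When no `ds:Reference` matches at all, the loop body never runs and no digest is compared before the signature is verified; that case should be rejected explicitly. The enclosing method starts before and ends after this hunk.

```ruby
# check digests
references = REXML::XPath.match(@sig_element, "//ds:Reference", {"ds"=>DSIG})
references = REXML::XPath.match(@sig_element, "//ds:Reference") if references.empty?
if references.empty?
  @errors << "No signed reference found"
  return soft ? false : (raise Samlsso::ValidationError.new("No signed reference found"))
end

references.each do |ref|
  # … unchanged: URI, canonicalization and digest algorithm lookups …
  hash = digest_algorithm.digest(canon_hashed_element)

  # … unchanged: the two DigestValue lookups …
  unless base64_digest
    @errors << "Digest value missing"
    return soft ? false : (raise Samlsso::ValidationError.new("Digest value missing"))
  end
  digest_value = Base64.decode64(base64_digest.text)
  # … unchanged: digests_match? check …
end
```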
@@ -273,4 +307,4 @@ module XMLSecurity
273
307
  end
274
308
 
275
309
  end
276
- end
310
+ end
Binary file
Binary file
Binary file
Binary file
Binary file
@@ -31,10 +31,10 @@ Gem::Specification.new do |spec|
31
31
  spec.add_runtime_dependency("xmlenc", ["~> 0.6.4"])
32
32
  if RUBY_VERSION < '1.9'
33
33
  # 1.8.7
34
- spec.add_runtime_dependency('nokogiri', '~> 1.6.0')
34
+ spec.add_runtime_dependency('nokogiri', '~> 1.8.5')
35
35
  spec.add_development_dependency('timecop', '<= 0.6.0')
36
36
  else
37
- spec.add_runtime_dependency('nokogiri', '~> 1.6.0')
37
+ spec.add_runtime_dependency('nokogiri', '~> 1.8.5')
38
38
  spec.add_development_dependency('timecop', '~> 0.7.2')
39
39
  end
40
40
 
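Review bot: The new constraint `'~> 1.8.5'` still caps nokogiri below 1.9, so applications using this gem cannot resolve to later nokogiri releases, including any fixes to the XML parsing that signature validation relies on; a lower bound such as `spec.add_runtime_dependency('nokogiri', '>= 1.8.5')` would allow them. The two branches of `if RUBY_VERSION < '1.9'` now declare the same nokogiri requirement, and nokogiri 1.8.x does not, as far as I know, install on Ruby 1.8.7, so the first branch looks unsatisfiable and could be dropped. Separately, the packaged file list further down gains `samlsso-0.1.4.gem` through `samlsso-0.1.8.gem`, which suggests built gems are being picked up by `spec.files` (outside this hunk); excluding `*.gem` there would keep old builds out of the release.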
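--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: samlsso
  version: !ruby/object:Gem::Version
- version: 0.1.4
+ version: 0.1.9
  platform: ruby
  authors:
  - Siddhartha Mukherjee
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2016-09-23 00:00:00.000000000 Z
+ date: 2020-06-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: uuid
@@ -44,14 +44,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.6.0
+ version: 1.8.5
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.6.0
+ version: 1.8.5
  - !ruby/object:Gem::Dependency
  name: timecop
  requirement: !ruby/object:Gem::Requirement
@@ -139,6 +139,11 @@ files:
  - lib/schemas/xml.xsd
  - lib/schemas/xmldsig-core-schema.xsd
  - lib/xml_security.rb
+ - samlsso-0.1.4.gem
+ - samlsso-0.1.5.gem
+ - samlsso-0.1.6.gem
+ - samlsso-0.1.7.gem
+ - samlsso-0.1.8.gem
  - samlsso.gemspec
  homepage: https://github.com/siddhartham/samlsso
  licenses:
@@ -160,8 +165,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.5.1
+ rubygems_version: 3.1.2
  signing_key:
  specification_version: 4
  summary: SAML SSO for Ruby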