RubyGems - samlsso - Versions diffs - 0.1.4 → 0.1.5 - Mend

samlsso 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c4726e197c2a864889bce4358e93bdd5b7df30fb
-  data.tar.gz: 11171ba18c677689f9eb6a872c61a16760de99a4
+  metadata.gz: 2c479c3d00dab26b27abac39e977a53d0f00d94f
+  data.tar.gz: c7a702cbac650ccda58721c97d5ab74731b8bf49
 SHA512:
-  metadata.gz: f9025569164d30991dbcc92a68b14ac1b3039a13f196947c4bb55b191a9a1480d6fbefe3bba859f2aa0fd3bd9df660111814da9d6c39cf3cb73deb0726e2e9ea
-  data.tar.gz: 506f296e5c1d651bec2ed9dcabad771ba231d27baea38700fd0873256ca537c365263fff569c6c81225dd3c3d7ed75ad65c29383e426f03775878189b27fffa6
+  metadata.gz: 0be017698f649229731f2787dfedfcfb0e8f0935096ffddf998d7920e51871158882acde73dcac1b4a575a3b3b61e06da6bd70fa42221fe4e0290048244bd328
+  data.tar.gz: 1b3308dac45366ede2aacafaea28ebc19ec17bd9c7ca0e1cecc9a2d3e958b73e5902669db5351383be6abae3bcbe6e8fe05e83affe48d30be0f2fc37169c11a7

data/lib/samlsso/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Samlsso
-  VERSION = "0.1.4"
+  VERSION = "0.1.5"
 end

data/lib/xml_security.rb CHANGED Viewed

@@ -208,7 +208,8 @@ module XMLSecurity
       end
       # verify signature
-      signed_info_element     = REXML::XPath.first(@sig_element, "//ds:SignedInfo", {"ds"=>DSIG})
+      signed_info_element = REXML::XPath.first(@sig_element, "//ds:SignedInfo", {"ds"=>DSIG})
+      signed_info_element = REXML::XPath.first(@sig_element, "//ds:SignedInfo") unless signed_info_element
       noko_sig_element = document.at_xpath('//ds:Signature', 'ds' => DSIG)
       noko_signed_info_element = noko_sig_element.at_xpath('./ds:SignedInfo', 'ds' => DSIG)
       canon_algorithm = canon_algorithm REXML::XPath.first(@sig_element, '//ds:CanonicalizationMethod', 'ds' => DSIG)
@@ -216,7 +217,9 @@ module XMLSecurity
       noko_sig_element.remove
       # check digests
-      REXML::XPath.each(@sig_element, "//ds:Reference", {"ds"=>DSIG}) do |ref|
+      tmp = REXML::XPath.each(@sig_element, "//ds:Reference", {"ds"=>DSIG})
+      tmp = REXML::XPath.each(@sig_element, "//ds:Reference") unless tmp.count > 0
+      tmp do |ref|
         uri                           = ref.attributes.get_attribute("URI").value
         hashed_element                = document.at_xpath("//*[@ID='#{uri[1..-1]}']")
@@ -226,7 +229,10 @@ module XMLSecurity
         digest_algorithm              = algorithm(REXML::XPath.first(ref, "//ds:DigestMethod", 'ds' => DSIG))
         hash                          = digest_algorithm.digest(canon_hashed_element)
-        digest_value                  = Base64.decode64(REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG}).text)
+        base64_digest                 = REXML::XPath.first(ref, "//ds:DigestValue", {"ds"=>DSIG})
+        base64_digest                 = REXML::XPath.first(ref, "//ds:DigestValue") unless base64_digest
+        digest_value                  = Base64.decode64(base64_digest.text)
         unless digests_match?(hash, digest_value)
           @errors << "Digest mismatch"
@@ -234,15 +240,18 @@ module XMLSecurity
         end
       end
-      base64_signature        = REXML::XPath.first(@sig_element, "//ds:SignatureValue", {"ds"=>DSIG}).text
-      signature               = Base64.decode64(base64_signature)
+      base64_signature        = REXML::XPath.first(@sig_element, "//ds:SignatureValue", {"ds"=>DSIG})
+      base64_signature        = REXML::XPath.first(@sig_element, "//ds:SignatureValue") unless base64_signature
+      signature               = Base64.decode64(base64_signature.text)
       # get certificate object
       cert_text               = Base64.decode64(base64_cert)
       cert                    = OpenSSL::X509::Certificate.new(cert_text)
       # signature method
-      signature_algorithm     = algorithm(REXML::XPath.first(signed_info_element, "//ds:SignatureMethod", {"ds"=>DSIG}))
+      signature_method          = REXML::XPath.first(signed_info_element, "//ds:SignatureMethod", {"ds"=>DSIG})
+      signature_method          = REXML::XPath.first(signed_info_element, "//ds:SignatureMethod") unless signature_method
+      signature_algorithm       = algorithm(signature_method)
       unless cert.public_key.verify(signature_algorithm.new, signature, canon_string)
         @errors << "Key validation error"
@@ -273,4 +282,4 @@ module XMLSecurity
     end
   end
-end
+end

data/samlsso-0.1.4.gem ADDED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: samlsso
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.5
 platform: ruby
 authors:
 - Siddhartha Mukherjee
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-09-23 00:00:00.000000000 Z
+date: 2017-07-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: uuid
@@ -139,6 +139,7 @@ files:
 - lib/schemas/xml.xsd
 - lib/schemas/xmldsig-core-schema.xsd
 - lib/xml_security.rb
+- samlsso-0.1.4.gem
 - samlsso.gemspec
 homepage: https://github.com/siddhartham/samlsso
 licenses:
@@ -161,7 +162,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.1
+rubygems_version: 2.2.2
 signing_key:
 specification_version: 4
 summary: SAML SSO for Ruby