Commit 19543e1
2017-11-19 20:34:48
1 parent
d8eaac5
Changed files (3)
saml-kit/lib/saml/kit/http_redirect_binding.rb
@@ -31,7 +31,7 @@ module Saml
def ensure_valid_signature!(params, document)
return if params['Signature'].blank? || params['SigAlg'].blank?
- signature = Base64.decode64(params['Signature'])
+ signature = decode(params['Signature'])
canonical_form = ['SAMLRequest', 'SAMLResponse', 'RelayState', 'SigAlg'].map do |key|
value = params[key]
value.present? ? "#{key}=#{value}" : nil
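Review bot: `ensure_valid_signature!` still returns early when `Signature` or `SigAlg` is blank, so a redirect message with those parameters stripped leaves this method without any verification. Nothing visible in the hunk shows whether a caller separately requires a signature for message types that need one. If that policy lives elsewhere, say so here, e.g. `# Unsigned messages are not rejected here; callers that require a signature must enforce it themselves.` The new `decode` helper is defined outside this commit, so it is worth confirming how it treats malformed Base64. The method body continues past the end of the hunk.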
saml-kit/lib/saml/kit/serializable.rb
@@ -14,6 +14,7 @@ module Saml
inflater.inflate(value)
end
+ # drop header and checksum as per spec.
def deflate(value, level: Zlib::BEST_COMPRESSION)
Zlib::Deflate.deflate(value, level)[2..-5]
end
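Review bot: The new comment on `deflate` does not say what the `[2..-5]` slice removes. Spelling it out as `# Strip the 2-byte zlib header and 4-byte Adler-32 trailer, leaving raw DEFLATE for the HTTP-Redirect binding.` would make it checkable against the spec. The slice relies on the fixed zlib framing; `Zlib::Deflate.new(level, -Zlib::MAX_WBITS)` emits raw DEFLATE directly and would avoid the byte arithmetic.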
@@ -21,6 +22,10 @@ module Saml
def unescape(value)
CGI.unescape(value)
end
+
+ def escape(value)
+ CGI.escape(value)
+ end
end
end
end
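Review bot: `escape` has no comment saying which encoding it applies; `CGI.escape` is form encoding and writes a space as `+` rather than `%20`. That matters for `RelayState`, because the signature covers the encoded bytes and a peer that re-encodes the value with a different scheme will compute a different string. Suggest `# Form-encodes value (space becomes '+'); the result is exactly what is signed and sent.` above the method.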
saml-kit/lib/saml/kit/url_builder.rb
@@ -1,6 +1,8 @@
module Saml
module Kit
class UrlBuilder
+ include Serializable
+
def initialize(private_key: Saml::Kit.configuration.signing_private_key)
@private_key = private_key
end
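Review bot: Including `Serializable` in `UrlBuilder` may make `inflate`, `deflate`, `encode`, `escape` and `unescape` public instance methods of the builder. The removed `deflate` and `encode` sat below `attr_reader :private_key` and were presumably private, although the `private` marker itself is outside the hunk. Unless the module restricts visibility itself (not shown in this commit), consider adding `private :deflate, :encode, :escape` after the include so the signing helper's public surface stays as it was.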
@@ -15,7 +17,7 @@ module Saml
attr_reader :private_key
def signature_for(payload)
- Base64.strict_encode64(private_key.sign(OpenSSL::Digest::SHA256.new, payload))
+ encode(private_key.sign(OpenSSL::Digest::SHA256.new, payload))
end
def canonicalize(saml_document, relay_state)
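Review bot: `signature_for` now depends on `Serializable#encode`, which this commit does not show, whereas both the old line and the removed `UrlBuilder#encode` used `Base64.strict_encode64`. If the shared `encode` wraps `Base64.encode64` instead, the output carries a line feed every 60 characters, which would be percent-encoded into the `Signature` parameter and could be rejected by a strict peer. Worth confirming, and pinning with a comment such as `# encode must be strict Base64 (no line breaks): the value goes into a query string.`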
@@ -24,22 +26,13 @@ module Saml
'RelayState' => relay_state,
'SigAlg' => Saml::Kit::Namespaces::SHA256,
}.map do |(key, value)|
- value.present? ? "#{key}=#{CGI.escape(value)}" : nil
+ value.present? ? "#{key}=#{escape(value)}" : nil
end.compact.join('&')
end
def serialize(value)
encode(deflate(value))
end
-
- # drop header and checksum as per spec.
- def deflate(value, level: Zlib::BEST_COMPRESSION)
- Zlib::Deflate.deflate(value, level)[2..-5]
- end
-
- def encode(value)
- Base64.strict_encode64(value)
- end
end
end
end
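Review bot: The string signed in `canonicalize` is built from `escape(value)`, while `ensure_valid_signature!` in http_redirect_binding.rb rebuilds it as `"#{key}=#{value}"` with no escaping. Verification therefore only matches if `params` on the receiving side still holds the raw percent-encoded query values. If the framework hands over decoded parameters, the two strings differ for any value containing `+`, `/` or `=`, all of which are common in Base64. A comment on `canonicalize` would record the contract: `# Signed over the URL-encoded values exactly as they appear in the query string; verifiers must not decode before checking.`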