Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix DigestMethod lookup bug. #144

Merged
merged 2 commits into from Sep 17, 2014
Merged

Fix DigestMethod lookup bug. #144

merged 2 commits into from Sep 17, 2014

Conversation

curious-attempt-bunny
Copy link
Contributor

Thanks!

Thanks for maintaining the ruby-saml library. This is a great service you're providing. It's been a while since I found a bug in ruby-saml. Here's a fix for this one. I hope you find the tests satisfactory.

Passes validation

<Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
...
<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha256'/>

Fails validation with a Digest Mismatch error

<Signature xmlns='http://www.w3.org/2000/09/xmldsig#'>
...
<DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha256'/>

Details

This bug is masked by sha1 being the default digest_algorithm when the lookup of the DigestMethod fails.

phene
phene reviewed Aug 12, 2014
View reviewed changes
test/xml_security_test.rb
should "correctly obtain the digest method with alternate namespace declaration" do
document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_xmlns, false))
base64cert = document.elements["//X509Certificate"].text
document.validate_signature(base64cert, false)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test should have an assertion and not just rely on an exception not being raised.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you please improve this test, @curious-attempt-bunny

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure thing. What about it do you want to see changed?

Am Sep 9, 2014 um 11:44 AM schrieb Ben notifications@github.com:

In test/xml_security_test.rb:

@@ -52,6 +52,12 @@ class XmlSecurityTest < Test::Unit::TestCase
assert_equal("Key validation error", exception.message)
end

  • should "correctly obtain the digest method with alternate namespace declaration" do
  •  document = XMLSecurity::SignedDocument.new(fixture(:adfs_response_xmlns, false))

  •  base64cert = document.elements["//X509Certificate"].text

  •  document.validate_signature(base64cert, false)
    can you please improve this test, @curious-attempt-bunny


Reply to this email directly or view it on GitHub.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you add an actual assertion? like http://apidock.com/ruby/Test/Unit/Assertions/assert_raise

@phene
Copy link
Contributor

phene commented Aug 12, 2014

+1 with a minor suggestion for the test.

@pitbulk
Copy link
Collaborator

pitbulk commented Sep 9, 2014

See also #129

@pitbulk pitbulk mentioned this pull request Sep 9, 2014
Closed
@Lordnibbler
Copy link
Contributor

@luisvm @inakidelamadrid can you guys review? i give 👍 if the test can be improved

@cbshakumar
Copy link

I am currently running into this issue and would really like this bug fix merged.

@curious-attempt-bunny
Copy link
Contributor Author

@phene Done.

@curious-attempt-bunny curious-attempt-bunny mentioned this pull request Sep 16, 2014
Closed
@Lordnibbler
Copy link
Contributor

@pitbulk @luisvm @inakidelamadrid @pwnetrationguru guys, can you please review this? it looks 👍 to me

@pwnetrationguru
Copy link
Contributor

👍 and 💥

@pitbulk
Copy link
Collaborator

pitbulk commented Sep 17, 2014

👍

@luisvm
Copy link
Contributor

luisvm commented Sep 17, 2014

👍 looking good

@Lordnibbler
Copy link
Contributor

shipping it

Lordnibbler added a commit that referenced this pull request Sep 17, 2014
@Lordnibbler
Merge pull request #144 from newrelic/digest_method_lookup_bug_fix
1f06df8 
Fix DigestMethod lookup bug.
@Lordnibbler Lordnibbler merged commit 1f06df8 into SAML-Toolkits:master Sep 17, 2014
@Lordnibbler
Copy link
Contributor

thanks for your patience @curious-attempt-bunny @cbshakumar

@curious-attempt-bunny
Copy link
Contributor Author

Thanks for maintaining ruby-saml!

Am Sep 17, 2014 um 11:12 AM schrieb Ben notifications@github.com:

thanks for your patience @curious-attempt-bunny @cbshakumar


Reply to this email directly or view it on GitHub.

@Lordnibbler
Copy link
Contributor

welcome @curious-attempt-bunny !

k1w1 added a commit to aha-app/omniauth-saml that referenced this pull request Apr 28, 2015
@k1w1
Upgraded to ruby-saml 0.9.1 to fix digest bug (SAML-Toolkits/ruby-sam…
0e598f6 
…l#144)
pitbulk added a commit that referenced this pull request Feb 27, 2018
@pitbulk
Fix DigestMethod lookup bug #144
54acb75
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@curious-attempt-bunny @phene @pitbulk @Lordnibbler @cbshakumar @pwnetrationguru @luisvm