Fix RSA1 - RSA_SHA1 constants

pitbulk · pitbulk · commit 50ddb3fef5a3 · 2015-03-24T13:46:02.000+01:00
diff --git a/lib/onelogin/ruby-saml/authrequest.rb b/lib/onelogin/ruby-saml/authrequest.rb
@@ -42,7 +42,7 @@ def create_params(settings, params={})
         request_params = {"SAMLRequest" => base64_request}
 
         if settings.security[:authn_requests_signed] && !settings.security[:embed_sign] && settings.private_key
-          params['SigAlg']    = XMLSecurity::Document::SHA1
+          params['SigAlg']    = XMLSecurity::Document::RSA_SHA1
           url_string          = "SAMLRequest=#{CGI.escape(base64_request)}"
           url_string         += "&RelayState=#{CGI.escape(params['RelayState'])}" if params['RelayState']
           url_string         += "&SigAlg=#{CGI.escape(params['SigAlg'])}"
diff --git a/lib/onelogin/ruby-saml/logoutrequest.rb b/lib/onelogin/ruby-saml/logoutrequest.rb
@@ -40,7 +40,7 @@ def create_params(settings, params={})
         request_params = {"SAMLRequest" => base64_request}
 
         if settings.security[:logout_requests_signed] && !settings.security[:embed_sign] && settings.private_key
-          params['SigAlg']    = XMLSecurity::Document::SHA1
+          params['SigAlg']    = XMLSecurity::Document::RSA_SHA1
           url_string          = "SAMLRequest=#{CGI.escape(base64_request)}"
           url_string         += "&RelayState=#{CGI.escape(params['RelayState'])}" if params['RelayState']
           url_string         += "&SigAlg=#{CGI.escape(params['SigAlg'])}"
diff --git a/lib/onelogin/ruby-saml/settings.rb b/lib/onelogin/ruby-saml/settings.rb
@@ -114,7 +114,7 @@ def get_sp_key
           :logout_responses_signed   => false,
           :embed_sign               => false,
           :digest_method            => XMLSecurity::Document::SHA1,
-          :signature_method         => XMLSecurity::Document::SHA1
+          :signature_method         => XMLSecurity::Document::RSA_SHA1
         }.freeze,
         :double_quote_xml_attribute_values         => false,
       }.freeze
diff --git a/lib/onelogin/ruby-saml/slo_logoutresponse.rb b/lib/onelogin/ruby-saml/slo_logoutresponse.rb
@@ -41,7 +41,7 @@ def create_params(settings, request_id = nil, logout_message = nil, params = {})
         response_params = {"SAMLResponse" => base64_response}
 
         if settings.security[:logout_responses_signed] && !settings.security[:embed_sign] && settings.private_key
-          params['SigAlg']    = XMLSecurity::Document::SHA1
+          params['SigAlg']    = XMLSecurity::Document::RSA_SHA1
           url_string          = "SAMLResponse=#{CGI.escape(base64_response)}"
           url_string         += "&RelayState=#{CGI.escape(params['RelayState'])}" if params['RelayState']
           url_string         += "&SigAlg=#{CGI.escape(params['SigAlg'])}"
diff --git a/lib/xml_security.rb b/lib/xml_security.rb
@@ -71,10 +71,14 @@ def algorithm(element)
   end
 
   class Document < BaseDocument
-    SHA1            = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
-    SHA256          = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
-    SHA384          = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
-    SHA512          = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
+    RSA_SHA1            = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
+    RSA_SHA256            = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+    RSA_SHA384            = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
+    RSA_SHA512            = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
+    SHA1            = "http://www.w3.org/2000/09/xmldsig#sha1"
+    SHA256          = "http://www.w3.org/2001/04/xmldsig-more#sha256"
+    SHA384          = "http://www.w3.org/2001/04/xmldsig-more#sha384"
+    SHA512          = "http://www.w3.org/2001/04/xmldsig-more#sha512"
     ENVELOPED_SIG   = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
     INC_PREFIX_LIST = "#default samlp saml ds xs xsi"
 
@@ -101,7 +105,7 @@ def uuid
       #<KeyInfo />
       #<Object />
     #</Signature>
-    def sign_document(private_key, certificate, signature_method = SHA1, digest_method = SHA1)
+    def sign_document(private_key, certificate, signature_method = RSA_SHA1, digest_method = SHA1)
       noko = Nokogiri.parse(self.to_s)
       canon_doc = noko.canonicalize(canon_algorithm(C14N))
 
@@ -118,7 +122,7 @@ def sign_document(private_key, certificate, signature_method = SHA1, digest_meth
       transforms_element.add_element("ds:Transform", {"Algorithm" => ENVELOPED_SIG})
       transforms_element.add_element("ds:Transform", {"Algorithm" => C14N})
       transforms_element.add_element("ds:InclusiveNamespaces", {"xmlns" => C14N, "PrefixList" => INC_PREFIX_LIST})
-
+      
       digest_method_element = reference_element.add_element("ds:DigestMethod", {"Algorithm" => digest_method})
       reference_element.add_element("ds:DigestValue").text = compute_digest(canon_doc, algorithm(digest_method_element))
 
diff --git a/test/logoutrequest_test.rb b/test/logoutrequest_test.rb
@@ -107,7 +107,7 @@ class RequestTest < Minitest::Test
         inflated = decode_saml_request_payload(unauth_url)
         assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], inflated
         assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
-        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], inflated
+        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], inflated
       end
 
       it "create a signed logout request with 256 digest and signature methods" do
@@ -118,7 +118,7 @@ class RequestTest < Minitest::Test
         # sign the logout request
         settings.security[:logout_requests_signed] = true
         settings.security[:embed_sign] = true
-        settings.security[:signature_method] = XMLSecurity::Document::SHA256
+        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
         settings.security[:digest_method] = XMLSecurity::Document::SHA512
         settings.certificate  = ruby_saml_cert_text
         settings.private_key = ruby_saml_key_text
@@ -128,7 +128,7 @@ class RequestTest < Minitest::Test
 
         assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], request_xml
         assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'/>], request_xml
-        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'/>], request_xml
+        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#sha512'/>], request_xml
       end
     end
 
@@ -140,19 +140,19 @@ class RequestTest < Minitest::Test
         settings.name_identifier_value = "f00f00"
         settings.security[:logout_requests_signed] = true
         settings.security[:embed_sign] = false
-        settings.security[:signature_method] = XMLSecurity::Document::SHA1
+        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
         settings.certificate  = ruby_saml_cert_text
         settings.private_key = ruby_saml_key_text
 
         params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings)
         assert params['Signature']
-        assert params['SigAlg'] == XMLSecurity::Document::SHA1
+        assert params['SigAlg'] == XMLSecurity::Document::RSA_SHA1
 
         # signature_method only affects the embedeed signature
-        settings.security[:signature_method] = XMLSecurity::Document::SHA256
+        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
         params = OneLogin::RubySaml::Logoutrequest.new.create_params(settings)
         assert params['Signature']
-        assert params['SigAlg'] == XMLSecurity::Document::SHA1
+        assert params['SigAlg'] == XMLSecurity::Document::RSA_SHA1
       end
     end
 
diff --git a/test/request_test.rb b/test/request_test.rb
@@ -159,7 +159,7 @@ class RequestTest < Minitest::Test
         request_xml = Base64.decode64(params["SAMLRequest"])
         assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], request_xml
         assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], request_xml
-        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>], request_xml
+        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'/>], request_xml
       end
 
       it "create a signed request with 256 digest and signature methods" do
@@ -168,7 +168,7 @@ class RequestTest < Minitest::Test
         settings.idp_sso_target_url = "http://example.com?field=value"
         settings.security[:authn_requests_signed] = true
         settings.security[:embed_sign] = true
-        settings.security[:signature_method] = XMLSecurity::Document::SHA256
+        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
         settings.security[:digest_method] = XMLSecurity::Document::SHA512
         settings.certificate  = ruby_saml_cert_text
         settings.private_key = ruby_saml_key_text
@@ -177,11 +177,10 @@ class RequestTest < Minitest::Test
         request_xml = Base64.decode64(params["SAMLRequest"])
         assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], request_xml
         assert_match %r[<ds:SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'/>], request_xml
-        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'/>], request_xml
+        assert_match %r[<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#sha512'/>], request_xml
       end
     end
 
-
     describe "when the settings indicate to sign the request" do
       it "create a signature parameter" do
         settings = OneLogin::RubySaml::Settings.new
@@ -190,19 +189,19 @@ class RequestTest < Minitest::Test
         settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
         settings.security[:authn_requests_signed] = true
         settings.security[:embed_sign] = false
-        settings.security[:signature_method] = XMLSecurity::Document::SHA1
+        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
         settings.certificate  = ruby_saml_cert_text
         settings.private_key = ruby_saml_key_text
 
         params = OneLogin::RubySaml::Authrequest.new.create_params(settings)
         assert params['Signature']
-        assert params['SigAlg'] == XMLSecurity::Document::SHA1
+        assert params['SigAlg'] == XMLSecurity::Document::RSA_SHA1
 
         # signature_method only affects the embedeed signature
         settings.security[:signature_method] = XMLSecurity::Document::SHA256
         params = OneLogin::RubySaml::Authrequest.new.create_params(settings)
         assert params['Signature']
-        assert params['SigAlg'] == XMLSecurity::Document::SHA1
+        assert params['SigAlg'] == XMLSecurity::Document::RSA_SHA1
       end
     end
 
diff --git a/test/response_test.rb b/test/response_test.rb
@@ -378,5 +378,6 @@ class RubySamlTest < Minitest::Test
         assert_equal($evalled, nil)
       end
     end
+
   end
 end
diff --git a/test/settings_test.rb b/test/settings_test.rb
@@ -69,13 +69,13 @@ class SettingsTest < Minitest::Test
       settings.security[:authn_requests_signed] = true
       settings.security[:embed_sign] = true
       settings.security[:digest_method] = XMLSecurity::Document::SHA256
-      settings.security[:signature_method] = XMLSecurity::Document::SHA256
+      settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
 
       new_settings = OneLogin::RubySaml::Settings.new
       assert_equal new_settings.security[:authn_requests_signed], false
       assert_equal new_settings.security[:embed_sign], false
       assert_equal new_settings.security[:digest_method], XMLSecurity::Document::SHA1
-      assert_equal new_settings.security[:signature_method], XMLSecurity::Document::SHA1
+      assert_equal new_settings.security[:signature_method], XMLSecurity::Document::RSA_SHA1
     end
   end
 end
diff --git a/test/slo_logoutresponse_test.rb b/test/slo_logoutresponse_test.rb
@@ -83,7 +83,7 @@ class SloLogoutresponseTest < Minitest::Test
         response_xml = Base64.decode64(params["SAMLResponse"])
         assert_match %r[<ds:SignatureValue>([a-zA-Z0-9/+=]+)</ds:SignatureValue>], response_xml
         response_xml =~ /<ds:SignatureMethod Algorithm='http:\/\/www.w3.org\/2000\/09\/xmldsig#rsa-sha1'\/>/
-        response_xml =~ /<ds:DigestMethod Algorithm='http:\/\/www.w3.org\/2000\/09\/xmldsig#rsa-sha1'\/>/
+        response_xml =~ /<ds:DigestMethod Algorithm='http:\/\/www.w3.org\/2000\/09\/xmldsig#sha1'\/>/
       end
 
       it "create a signed logout response with 256 digest and signature methods" do
@@ -92,7 +92,7 @@ class SloLogoutresponseTest < Minitest::Test
         settings.idp_slo_target_url = "http://example.com?field=value"
         settings.security[:logout_responses_signed] = true
         settings.security[:embed_sign] = true
-        settings.security[:signature_method] = XMLSecurity::Document::SHA256
+        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA256
         settings.security[:digest_method] = XMLSecurity::Document::SHA512
         settings.certificate  = ruby_saml_cert_text
         settings.private_key = ruby_saml_key_text
@@ -115,20 +115,20 @@ class SloLogoutresponseTest < Minitest::Test
         settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
         settings.security[:logout_responses_signed] = true
         settings.security[:embed_sign] = false
-        settings.security[:signature_method] = XMLSecurity::Document::SHA1
+        settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
         settings.certificate  = ruby_saml_cert_text
         settings.private_key = ruby_saml_key_text
 
         request = OneLogin::RubySaml::SloLogoutrequest.new(logout_request_document)
         params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, request.id, "Custom Logout Message")
         assert params['Signature']
-        assert params['SigAlg'] == XMLSecurity::Document::SHA1
+        assert params['SigAlg'] == XMLSecurity::Document::RSA_SHA1
 
         # signature_method only affects the embedeed signature
         settings.security[:signature_method] = XMLSecurity::Document::SHA256
         params = OneLogin::RubySaml::SloLogoutresponse.new.create_params(settings, request.id, "Custom Logout Message")
         assert params['Signature']
-        assert params['SigAlg'] == XMLSecurity::Document::SHA1
+        assert params['SigAlg'] == XMLSecurity::Document::RSA_SHA1
       end
     end
   end

-Original file line number
+Diff line change
         assert_equal($evalled, nil)
       end
     end
++
   end
 end