remove uuid gem in favor of SecureRandom, and add util method for

creating ids

Author: nddeluca

lib/onelogin/ruby-saml/authrequest.rb

@@ -1,8 +1,8 @@
-require "uuid"
 require "rexml/document"
 
 require "onelogin/ruby-saml/logging"
 require "onelogin/ruby-saml/saml_message"
+require "onelogin/ruby-saml/utils"
 
 # Only supports SAML 2.0
 module OneLogin
@@ -20,7 +20,7 @@ class Authrequest < SamlMessage
       # Asigns an ID, a random uuid.
       #
       def initialize
-        @uuid = "_" + UUID.new.generate
+        @uuid = OneLogin::RubySaml::Utils.uuid
       end
 
       # Creates the AuthNRequest string.

lib/onelogin/ruby-saml/idp_metadata_parser.rb

@@ -1,5 +1,4 @@
 require "base64"
-require "uuid"
 require "zlib"
 require "cgi"
 require "net/http"

lib/onelogin/ruby-saml/logoutrequest.rb

@@ -1,7 +1,6 @@
-require "uuid"
-
 require "onelogin/ruby-saml/logging"
 require "onelogin/ruby-saml/saml_message"
+require "onelogin/ruby-saml/utils"
 
 # Only supports SAML 2.0
 module OneLogin
@@ -18,7 +17,7 @@ class Logoutrequest < SamlMessage
       # Asigns an ID, a random uuid.
       #
       def initialize
-        @uuid = "_" + UUID.new.generate
+        @uuid = OneLogin::RubySaml::Utils.uuid
       end
 
       # Creates the Logout Request string.
@@ -108,7 +107,7 @@ def create_logout_request_xml_doc(settings)
           nameid.text = settings.name_identifier_value
         else
           # If no NameID is present in the settings we generate one
-          nameid.text = "_" + UUID.new.generate
+          nameid.text = OneLogin::RubySaml::Utils.uuid
           nameid.attributes['Format'] = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
         end
 

lib/onelogin/ruby-saml/slo_logoutresponse.rb

@@ -1,7 +1,7 @@
-require "uuid"
-
 require "onelogin/ruby-saml/logging"
+
 require "onelogin/ruby-saml/saml_message"
+require "onelogin/ruby-saml/utils"
 
 # Only supports SAML 2.0
 module OneLogin
@@ -18,7 +18,7 @@ class SloLogoutresponse < SamlMessage
       # Asigns an ID, a random uuid.
       #
       def initialize
-        @uuid = "_" + UUID.new.generate
+        @uuid = OneLogin::RubySaml::Utils.uuid
       end
 
       # Creates the Logout Response string.

lib/onelogin/ruby-saml/utils.rb

@@ -2,7 +2,7 @@ module OneLogin
   module RubySaml
 
     # SAML2 Auxiliary class
-    #    
+    #
     class Utils
 
       DSIG      = "http://www.w3.org/2000/09/xmldsig#"
@@ -30,7 +30,7 @@ def self.format_cert(cert)
       # @return [String] The formatted private key
       #
       def self.format_private_key(key)
-        # don't try to format an encoded private key or if is empty  
+        # don't try to format an encoded private key or if is empty
         return key if key.nil? || key.empty? || key.match(/\x0d/)
 
         # is this an rsa key?
@@ -114,7 +114,7 @@ def self.decrypt_data(encrypted_node, private_key)
           { 'xenc' => XENC }
         )
         algorithm = encrypt_method.attributes['Algorithm']
-        retrieve_plaintext(node, symmetric_key, algorithm)        
+        retrieve_plaintext(node, symmetric_key, algorithm)
       end
 
       # Obtains the symmetric key from the EncryptedData element
@@ -134,7 +134,7 @@ def self.retrieve_symmetric_key(encrypt_data, private_key)
           {"ds" => DSIG,  "xenc" => XENC }
         )
         algorithm = encrypt_method.attributes['Algorithm']
-        retrieve_plaintext(cipher_text, private_key, algorithm)        
+        retrieve_plaintext(cipher_text, private_key, algorithm)
       end
 
       # Obtains the deciphered text
@@ -152,7 +152,7 @@ def self.retrieve_plaintext(cipher_text, symmetric_key, algorithm)
           when 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' then oaep = symmetric_key
         end
 
-        if cipher          
+        if cipher
           iv_len = cipher.iv_len
           data = cipher_text[iv_len..-1]
           cipher.padding, cipher.key, cipher.iv = 0, symmetric_key, cipher_text[0..iv_len-1]
@@ -167,6 +167,9 @@ def self.retrieve_plaintext(cipher_text, symmetric_key, algorithm)
         end
       end
 
+      def self.uuid
+        "_#{SecureRandom.uuid}"
+      end
     end
   end
 end

ruby-saml.gemspec

@@ -25,8 +25,6 @@ Gem::Specification.new do |s|
   s.summary = %q{SAML Ruby Tookit}
   s.test_files = `git ls-files test/*`.split("\n")
 
-  s.add_runtime_dependency('uuid', '~> 2.3')
-
   # Because runtime dependencies are determined at build time, we cannot make
   # Nokogiri's version dependent on the Ruby version, even though we would
   # have liked to constrain Ruby 1.8.7 to install only the 1.5.x versions.

test/logoutrequest_test.rb

@@ -29,7 +29,8 @@ class RequestTest < Minitest::Test
     end
 
     it "set sessionindex" do
-      sessionidx = UUID.new.generate
+      settings.idp_slo_target_url = "http://example.com"
+      sessionidx = OneLogin::RubySaml::Utils.uuid
       settings.sessionindex = sessionidx
 
       unauth_url = OneLogin::RubySaml::Logoutrequest.new.create(settings, { :nameid => "there" })

test/test_helper.rb

@@ -203,7 +203,7 @@ def ruby_saml_key_text
   # logoutresponse fixtures
   #
   def random_id
-    "_#{UUID.new.generate}"
+    "_#{OneLogin::RubySaml::Utils.uuid}"
   end
 
   #

test/utils_test.rb

@@ -142,4 +142,17 @@ class UtilsTest < Minitest::Test
       assert_equal = "The status code of the Logout Response was not Success", status_error_msg3
     end
   end
-end
+
+  describe "Utils" do
+
+    describe ".uuid" do
+      it "returns a uuid starting with an underscore" do
+        assert_match /^_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/, OneLogin::RubySaml::Utils.uuid
+      end
+
+      it "doesn't return the same value twice" do
+        refute_equal OneLogin::RubySaml::Utils.uuid, OneLogin::RubySaml::Utils.uuid
+      end
+    end
+  end
+end