From 049663724ecf779e43dad7908a16f07055a68a4e Mon Sep 17 00:00:00 2001 From: Michael Zeller Date: Thu, 12 Sep 2024 13:42:54 -0400 Subject: [PATCH] Bump samael to v0.17 to pick up samael#53 (#6558) --- Cargo.lock | 8 ++++---- Cargo.toml | 2 +- nexus/auth/src/authn/silos.rs | 11 +++++------ 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e691830e4b..f9c472d0c0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -8303,9 +8303,9 @@ checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" [[package]] name = "quick-xml" -version = "0.31.0" +version = "0.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1004a344b30a54e2ee58d66a71b32d2db2feb0a31f9a2d302bf0536f15de2a33" +checksum = "0ca7dd09b5f4a9029c35e323b086d0a68acdc673317b9c4d002c6f1d4a7278c6" dependencies = [ "memchr", "serde", @@ -9189,9 +9189,9 @@ dependencies = [ [[package]] name = "samael" -version = "0.0.15" +version = "0.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5da862a2115c0767681e28309a367dbd0a2366026948aae0272787e582d71eaf" +checksum = "6c3e9664150c82db0eba06db746594e1e8e092c5c91986ee0fe46c0619fb159f" dependencies = [ "base64 0.22.1", "bindgen", diff --git a/Cargo.toml b/Cargo.toml index cace946df8..49b6e0de44 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -528,7 +528,7 @@ rustfmt-wrapper = "0.2" rustls = "0.22.2" rustls-pemfile = "2.1.3" rustyline = "14.0.0" -samael = { version = "0.0.15", features = ["xmlsec"] } +samael = { version = "0.0.17", features = ["xmlsec"] } schemars = "0.8.21" secrecy = "0.8.0" semver = { version = "1.0.23", features = ["std", "serde"] } diff --git a/nexus/auth/src/authn/silos.rs b/nexus/auth/src/authn/silos.rs index 40b6346fa0..b451149d03 100644 --- a/nexus/auth/src/authn/silos.rs +++ b/nexus/auth/src/authn/silos.rs @@ -107,7 +107,9 @@ impl SamlIdentityProvider { let authn_request_url = if let Some(key) = self.private_key_bytes()? { // sign authn request if keys were supplied - authn_request.signed_redirect(&encoded_relay_state, &key) + let pkey = openssl::pkey::PKey::private_key_from_der(&key) + .map_err(|e| anyhow!(e.to_string()))?; + authn_request.signed_redirect(&encoded_relay_state, pkey) } else { authn_request.redirect(&encoded_relay_state) } @@ -294,10 +296,7 @@ impl SamlIdentityProvider { ) })?; - let signature_algorithm: String = - assertion_signature.signed_info.signature_method.algorithm; - - match signature_algorithm.as_str() { + match assertion_signature.signed_info.signature_method.algorithm.value() { // List taken from Signature section of // https://www.w3.org/TR/xmldsig-core1/#sec-AlgID, removing // discouraged items. @@ -314,7 +313,7 @@ impl SamlIdentityProvider { "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512" | "http://www.w3.org/2009/xmldsig11#dsa-sha256" => {} - _ => { + signature_algorithm => { return Err( HttpError::for_bad_request( None,