RubyGems - ciam-es - Versions diffs - 0.0.1 → 0.0.6 - Mend

ciam-es 0.0.1 → 0.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/ciam-es.gemspec +2 -2
data/lib/ciam/ruby-saml/authrequest.rb +12 -12
data/lib/ciam/ruby-saml/logout_request.rb +76 -55
data/lib/ciam/ruby-saml/metadata.rb +2 -51
data/lib/ciam/ruby-saml/response.rb +6 -7
data/lib/ciam/ruby-saml/settings.rb +1 -1
metadata +7 -7

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4e95196cb69850d66b4ad960fcf279885cb600448b39548e22b627998da49363
-  data.tar.gz: 53895057eaafde1db9a846ca1f885219348bdeb0dcaffffb29c39c74e78bd20c
+  metadata.gz: 3dad8a3cc1881093b5b571a3a6ff5ef017a580efd63eabe3a40551c365b2ed06
+  data.tar.gz: a5f904d9fb491a5fa3e916f81ff3a85b86f93536fb32546e35605ca09a3b3530
 SHA512:
-  metadata.gz: 12312ab615271d5e7213a49528de7a286ffd3a103bdd7cf4ff810c2f146fe5bd7fba0bb10df24a37a7c9d3c74be0c875d43fdaaa3e05bead86c1366545278918
-  data.tar.gz: 2f46ce928a88d79369d7b22d8ef29f4490b0a6a8c600c2927b511e539d8b62a189c3c81ff56a3276b965d907d2f0ea78890c28594c9a71a98c092fd6a5749f85
+  metadata.gz: f15050be6418bf31b9b680e16de3646cd987d5142db14a9a07656e62b2916d0dd21c891d594cbf8ded5a288ab03162126480318c5fa0cc130ccc1483e03bfd48
+  data.tar.gz: 5e49de6e43c66d2823efc1a472be655edca69deebec364d595aea1577eedd203ed272846ab76e252474502f28addd9b3dcc36949a8e51478aa8a6b46dff02a02

data/ciam-es.gemspec CHANGED

@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 Gem::Specification.new do |s|
   s.name = 'ciam-es'
-  s.version = '0.0.1'
+  s.version = '0.0.6'
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Fabiano Pavan"]
@@ -19,5 +19,5 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency("canonix", ["0.1.1"])
   s.add_runtime_dependency("uuid", ["~> 2.3"])
   s.add_runtime_dependency("nokogiri", '>= 1.6.7.2')
-  s.add_runtime_dependency("addressable", ["2.7.0"])
+  s.add_runtime_dependency("addressable", [">= 2.4.0"])
 end

data/lib/ciam/ruby-saml/authrequest.rb CHANGED

@@ -29,7 +29,7 @@ module Ciam::Saml
       # Create AuthnRequest root element using REXML
       request_doc = Ciam::XMLSecurityNew::Document.new
       request_doc.context[:attribute_quote] = :quote
-      root = request_doc.add_element "saml2p:AuthnRequest", { "xmlns:saml2p" => "urn:oasis:names:tc:SAML:2.0:protocol",
+      root = request_doc.add_element "samlp:AuthnRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol",
                                                               "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion"
                                                              }
       root.attributes['ID'] = uuid
@@ -72,7 +72,7 @@ module Ciam::Saml
       if @settings.name_identifier_format != nil
-        root.add_element "saml2p:NameIDPolicy", {
+        root.add_element "samlp:NameIDPolicy", {
             # Might want to make AllowCreate a setting?
             #{}"AllowCreate"     => "true",
             "Format"          => @settings.name_identifier_format[0]
@@ -83,8 +83,8 @@ module Ciam::Saml
       # match required for authentication to succeed.  If this is not defined,
       # the IdP will choose default rules for authentication.  (Shibboleth IdP)
       if @settings.authn_context != nil
-        requested_context = root.add_element "saml2p:RequestedAuthnContext", {
-          "Comparison" => "minimum"
+        requested_context = root.add_element "samlp:RequestedAuthnContext", {
+          "Comparison" => "exact"
         }
         context_class = []
         @settings.authn_context.each_with_index{ |context, index|
@@ -95,12 +95,12 @@ module Ciam::Saml
       end
       if @settings.requester_identificator != nil
-        requester_identificator = root.add_element "saml2p:Scoping", {
+        requester_identificator = root.add_element "samlp:Scoping", {
           "ProxyCount" => "0"
         }
         identificators = []
         @settings.requester_identificator.each_with_index{ |requester, index|
-          identificators[index] = requester_identificator.add_element "saml2p:RequesterID"
+          identificators[index] = requester_identificator.add_element "samlp:RequesterID"
           identificators[index].text = requester
         }
@@ -109,12 +109,12 @@ module Ciam::Saml
       request_doc << REXML::XMLDecl.new("1.0", "UTF-8")
       #LA FIRMA VA MESSA SOLO NEL CASO CON HTTP POST
-      # cert = @settings.get_sp_cert
-      #   # embed signature
-      #   if @settings.metadata_signed && @settings.sp_private_key && @settings.sp_cert
-      #     private_key = @settings.get_sp_key
-      #     request_doc.sign_document(private_key, cert)
-      #   end
+      cert = @settings.get_cert(@settings.sp_cert)
+      # embed signature
+      if @settings.metadata_signed && @settings.sp_private_key && @settings.sp_cert
+        private_key = @settings.get_sp_key
+        request_doc.sign_document(private_key, cert)
+      end
       # stampo come stringa semplice i metadata per non avere problemi con validazione firma
       #ret = request_doc.to_s

data/lib/ciam/ruby-saml/logout_request.rb CHANGED

@@ -37,85 +37,106 @@ module Ciam::Saml
       opt = { :name_id => nil, :session_index => nil, :extra_parameters => nil  }.merge(options)
       return nil unless opt[:name_id]
-      @request = REXML::Document.new
-      @request.context[:attribute_quote] = :quote
+      request_doc = Ciam::XMLSecurityNew::Document.new
+      request_doc.context[:attribute_quote] = :quote
-      root = @request.add_element "saml2p:LogoutRequest", { "xmlns:saml2p" => PROTOCOL }
+      root = request_doc.add_element "samlp:LogoutRequest", { "xmlns:samlp" => PROTOCOL, "xmlns:saml" => ASSERTION }
       root.attributes['ID'] = @transaction_id
       root.attributes['IssueInstant'] = @issue_instant
       root.attributes['Version'] = "2.0"
       root.attributes['Destination'] = @settings.single_logout_destination
-      issuer = root.add_element "saml2:Issuer", { "xmlns:saml2" => ASSERTION  }
-      issuer.attributes['Format'] = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
-      #issuer.text = @settings.issuer
-      #per la federazione trentina qui ci vanno i metadati...
-      issuer.text = @settings.idp_metadata
+      issuer = root.add_element "saml:Issuer"#, { "xmlns:saml2" => ASSERTION  }
+      #issuer.attributes['Format'] = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
+      issuer.text = @settings.issuer
-      name_id = root.add_element "saml2:NameID", { "xmlns:saml2" => ASSERTION }
+      name_id = root.add_element "saml:NameID"#, { "xmlns:saml2" => ASSERTION }
       name_id.attributes['Format'] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
       name_id.attributes['NameQualifier'] = @settings.idp_name_qualifier
       name_id.text = opt[:name_id]
       # I believe the rest of these are optional
-      if @settings && @settings.sp_name_qualifier
-        name_id.attributes["SPNameQualifier"] = @settings.sp_name_qualifier
-      end
+      # if @settings && @settings.sp_name_qualifier
+      #   name_id.attributes["SPNameQualifier"] = @settings.sp_name_qualifier
+      # end
       if opt[:session_index]
-        session_index = root.add_element "saml2p:SessionIndex" #, { "xmlns:samlp" => PROTOCOL }
+        session_index = root.add_element "samlp:SessionIndex" #, { "xmlns:samlp" => PROTOCOL }
         session_index.text = opt[:session_index]
       end
-      Logging.debug "Created LogoutRequest: #{@request}"
-      meta = Metadata.new(@settings)
-      return meta.create_slo_request( to_s, opt[:extra_parameters] )
+      request_doc << REXML::XMLDecl.new("1.0", "UTF-8")
+      #sign logout_request
+      cert = @settings.get_cert(@settings.sp_cert)
+      # embed signature
+      if @settings.metadata_signed && @settings.sp_private_key && @settings.sp_cert
+        private_key = @settings.get_sp_key
+        request_doc.sign_document(private_key, cert)
+      end
+      puts "Created LogoutRequest: #{request_doc}"
+      #Logout per binding redirect
+      # meta = Metadata.new(@settings)
+      # slo_req = meta.create_slo_request( request_doc.to_s, opt[:extra_parameters] )
+      return request_doc.to_s
       #action, content =  binding_select("SingleLogoutService")
       #Logging.debug "action: #{action} content: #{content}"
       #return [action, content]
-     end
+    end
-  # function to return the created request as an XML document
+    # function to return the created request as an XML document
     def to_xml
-    text = ""
-    @request.write(text, 1)
-      return text
+        text = ""
+        @request.write(text, 1)
+        return text
+    end
+    def to_s
+        @request.to_s
     end
-   def to_s
-     @request.to_s
-   end
     # Functions for pulling values out from an IdP initiated LogoutRequest
-  def name_id
-    element = REXML::XPath.first(@request, "/p:LogoutRequest/a:NameID", {
-        "p" => PROTOCOL, "a" => ASSERTION } )
-    return nil if element.nil?
-    # Can't seem to get this to work right...
-    #element.context[:compress_whitespace] = ["NameID"]
-    #element.context[:compress_whitespace] = :all
-    str = element.text.gsub(/^\s+/, "")
-    str.gsub!(/\s+$/, "")
-    return str
-  end
+    def name_id
+      element = REXML::XPath.first(@request, "/p:LogoutRequest/a:NameID", {
+          "p" => PROTOCOL, "a" => ASSERTION } )
+      return nil if element.nil?
+      # Can't seem to get this to work right...
+      #element.context[:compress_whitespace] = ["NameID"]
+      #element.context[:compress_whitespace] = :all
+      str = element.text.gsub(/^\s+/, "")
+      str.gsub!(/\s+$/, "")
+      return str
+    end
-  def transaction_id
-    return @transaction_id if @transaction_id
-    element = REXML::XPath.first(@request, "/p:LogoutRequest", {
-        "p" => PROTOCOL} )
-    return nil if element.nil?
-    return element.attributes["ID"]
-  end
-  def is_valid?
-    validate(soft = true)
-  end
+    def transaction_id
+      return @transaction_id if @transaction_id
+      element = REXML::XPath.first(@request, "/p:LogoutRequest", {
+          "p" => PROTOCOL} )
+      return nil if element.nil?
+      return element.attributes["ID"]
+    end
+    def is_valid?
+      validate(soft = true)
+    end
-  def validate!
-    validate( soft = false )
-  end
-  def validate( soft = true )
-    return false if @request.nil?
-      return false if @request.validate(@settings, soft) == false
-    return true
-  end
+    def validate!
+      validate( soft = false )
+    end
+    def validate( soft = true )
+      return false if @request.nil?
+        return false if @request.validate(@settings, soft) == false
+      return true
+    end
     private
     def self.timestamp

data/lib/ciam/ruby-saml/metadata.rb CHANGED

@@ -30,18 +30,10 @@ module Ciam
       def generate(settings)
         #meta_doc = REXML::Document.new
         meta_doc = Ciam::XMLSecurityNew::Document.new
-        if settings.aggregato
-          root = meta_doc.add_element "md:EntityDescriptor", {
-            "xmlns:md"        => "urn:oasis:names:tc:SAML:2.0:metadata",
-            "xmlns:xml"       => "http://www.w3.org/XML/1998/namespace",
-            "xmlns:ciam"        => "https://ciam.gov.it/saml-extensions",
-          }
-        else
-          root = meta_doc.add_element "md:EntityDescriptor", {
+        root = meta_doc.add_element "md:EntityDescriptor", {
             "xmlns:md"        => "urn:oasis:names:tc:SAML:2.0:metadata",
             "xmlns:xml"       => "http://www.w3.org/XML/1998/namespace"
           }
-        end
         if settings.issuer != nil
           root.attributes["entityID"] = settings.issuer
@@ -223,53 +215,12 @@ module Ciam
             "xml:lang" => "it"
         }
-        org_display_name.text = settings.organization['org_display_name']+(settings.aggregato ? " tramite #{settings.hash_aggregatore['soggetto_aggregatore']}" : '')
+        org_display_name.text = settings.organization['org_display_name']
         org_url = organization.add_element "md:OrganizationURL", {
             "xml:lang" => "it"
         }
         org_url.text = settings.organization['org_url']
-        #ContactPerson per sp aggregato
-        if settings.aggregato
-          contact_person_aggregatore = root.add_element "md:ContactPerson", {
-            "contactType" => "other",
-            "ciam:entityType" => "ciam:aggregator"
-          }
-          company = contact_person_aggregatore.add_element "md:Company"
-          company.text = settings.hash_aggregatore['soggetto_aggregatore']
-          extensions_aggregatore = contact_person_aggregatore.add_element "md:Extensions"
-          vat_number_aggregatore = extensions_aggregatore.add_element "ciam:VATNumber"
-          vat_number_aggregatore.text = settings.hash_aggregatore['piva_aggregatore']
-          ipa_code_aggregatore = extensions_aggregatore.add_element "ciam:IPACode"
-          ipa_code_aggregatore.text = settings.hash_aggregatore['cipa_aggregatore']
-          fiscal_code_aggregatore = extensions_aggregatore.add_element "ciam:FiscalCode"
-          fiscal_code_aggregatore.text = settings.hash_aggregatore['cf_aggregatore']
-          contact_person_aggregato = root.add_element "md:ContactPerson", {
-            "contactType" => "other",
-            "ciam:entityType" => "ciam:aggregated"
-          }
-          company = contact_person_aggregato.add_element "md:Company"
-          company.text = settings.organization['org_name']
-          extensions_aggregato = contact_person_aggregato.add_element "md:Extensions"
-          unless settings.hash_aggregatore['soggetto_aggregato']['vat_number'].blank?
-            vat_number_aggregato = extensions_aggregato.add_element "ciam:VATNumber"
-            vat_number_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['vat_number']
-          end
-          unless settings.hash_aggregatore['soggetto_aggregato']['ipa_code'].blank?
-            ipa_code_aggregato = extensions_aggregato.add_element "ciam:IPACode"
-            ipa_code_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['ipa_code']
-          end
-          unless settings.hash_aggregatore['soggetto_aggregato']['fiscal_code'].blank?
-            fiscal_code_aggregato = extensions_aggregato.add_element "ciam:FiscalCode"
-            fiscal_code_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['fiscal_code']
-          end
-        end
         #meta_doc << REXML::XMLDecl.new(version='1.0', encoding='UTF-8')
         meta_doc << REXML::XMLDecl.new("1.0", "UTF-8")

data/lib/ciam/ruby-saml/response.rb CHANGED

@@ -98,8 +98,13 @@ module Ciam
             parse_time(node, "SessionNotOnOrAfter")
           end
         end
+        def session_index
+          @session_index ||= begin
+            node = REXML::XPath.first(document, "/p:Response/a:Assertion/a:AuthnStatement", { "p" => PROTOCOL, "a" => ASSERTION })
+            node.attributes["SessionIndex"] unless node.blank?
+          end
+        end
         # Checks the status of the response for a "Success" code
         def success?
@@ -166,12 +171,6 @@ module Ciam
             }
-            issuer_assertion_nodes.each{ |iss|
-              #controllo: L'attributo Format di Issuer deve essere presente con il valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity
-              return (soft ? false : validation_error("Elemento Issuer non ha formato corretto ")) if iss.attributes['Format'] != 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
-            }
             nodes = issuer_response_nodes + issuer_assertion_nodes
             nodes.map { |node| Utils.element_text(node) }.compact.uniq

data/lib/ciam/ruby-saml/settings.rb CHANGED

@@ -10,7 +10,7 @@ module Ciam
       attr_accessor :name_identifier_value, :name_identifier_format
       attr_accessor :sessionindex, :issuer, :destination_service_url, :authn_context, :requester_identificator
       attr_accessor :single_logout_service_url, :single_logout_service_binding, :single_logout_destination
-      attr_accessor :skip_validation, :aggregato, :hash_aggregatore
+      attr_accessor :skip_validation
       def initialize(config = {})
         config.each do |k,v|

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ciam-es
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.6
 platform: ruby
 authors:
 - Fabiano Pavan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-31 00:00:00.000000000 Z
+date: 2020-09-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: canonix
@@ -56,16 +56,16 @@ dependencies:
   name: addressable
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 2.7.0
+        version: 2.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 2.7.0
+        version: 2.4.0
 description: 'SAML toolkit for Ruby programs to integrate with CIAM Milano '
 email: fabiano.pavan@soluzionipa.it
 executables: []
@@ -138,7 +138,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.0.8
 signing_key:
 specification_version: 4
 summary: SAML Ruby Tookit CIAM