ciam-es 0.0.2 → 0.0.3

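--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: bb8518dd8770087934f1e2c2a660933024bc95cefb2e0236f1d6a6d9978ec261
- data.tar.gz: d079efe7ad4bfd58517037d553bd16f206db66c0e4a4ea56d6adeeda62380ac5
+ metadata.gz: 8776dcc691c65c5104bc990b84c51693a1e9df07f22a9775c1459a68b58bb938
+ data.tar.gz: 197e0f5cf866e9eae24bdcff42daacfad4f2adc1dfe21c8f1a7e5edc829b7e21
  SHA512:
- metadata.gz: 4f6c22bf83eeb57247d65cc83a974ce4b759a850cb18d919e4c6053d450e2ed6cde1dd7178cb5122f81171dcfaa7a50d92fbe403b7eaffe8546238065bf2bdb5
- data.tar.gz: 8f76ca315b71604b04432a619b7c835e222a555335775b80445b4e706eda498d0f22eff938b2708935a4fd82f47e7b277fa01e007f1c92eb32c5075d1e2a9b2e
+ metadata.gz: e4339837cc5e758da12008514e6f4b68323493c8142d98094cc77a09a42af152e03ad9b4f0e70c7673b9f69dd0238ddd5c146dca8688757c66cdfde4b772d3a8
+ data.tar.gz: c6485798511c4ff4f37edc60319d78aace2515987376291256d23cea9f097e44a933e976c2b1e31be73c5798fa42265f989f3a55563f9e658567a56de46a4fc1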
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = 'ciam-es'
5
- s.version = '0.0.2'
5
+ s.version = '0.0.3'
6
6
 
7
7
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
8
8
  s.authors = ["Fabiano Pavan"]
@@ -29,7 +29,7 @@ module Ciam::Saml
29
29
  # Create AuthnRequest root element using REXML
30
30
  request_doc = Ciam::XMLSecurityNew::Document.new
31
31
  request_doc.context[:attribute_quote] = :quote
32
- root = request_doc.add_element "saml2p:AuthnRequest", { "xmlns:saml2p" => "urn:oasis:names:tc:SAML:2.0:protocol",
32
+ root = request_doc.add_element "samlp:AuthnRequest", { "xmlns:samlp" => "urn:oasis:names:tc:SAML:2.0:protocol",
33
33
  "xmlns:saml" => "urn:oasis:names:tc:SAML:2.0:assertion"
34
34
  }
35
35
  root.attributes['ID'] = uuid
@@ -72,7 +72,7 @@ module Ciam::Saml
72
72
 
73
73
 
74
74
  if @settings.name_identifier_format != nil
75
- root.add_element "saml2p:NameIDPolicy", {
75
+ root.add_element "samlp:NameIDPolicy", {
76
76
  # Might want to make AllowCreate a setting?
77
77
  #{}"AllowCreate" => "true",
78
78
  "Format" => @settings.name_identifier_format[0]
@@ -83,8 +83,8 @@ module Ciam::Saml
83
83
  # match required for authentication to succeed. If this is not defined,
84
84
  # the IdP will choose default rules for authentication. (Shibboleth IdP)
85
85
  if @settings.authn_context != nil
86
- requested_context = root.add_element "saml2p:RequestedAuthnContext", {
87
- "Comparison" => "minimum"
86
+ requested_context = root.add_element "samlp:RequestedAuthnContext", {
87
+ "Comparison" => "exact"
88
88
  }
89
89
  context_class = []
90
90
  @settings.authn_context.each_with_index{ |context, index|
@@ -95,12 +95,12 @@ module Ciam::Saml
95
95
  end
96
96
 
97
97
  if @settings.requester_identificator != nil
98
- requester_identificator = root.add_element "saml2p:Scoping", {
98
+ requester_identificator = root.add_element "samlp:Scoping", {
99
99
  "ProxyCount" => "0"
100
100
  }
101
101
  identificators = []
102
102
  @settings.requester_identificator.each_with_index{ |requester, index|
103
- identificators[index] = requester_identificator.add_element "saml2p:RequesterID"
103
+ identificators[index] = requester_identificator.add_element "samlp:RequesterID"
104
104
  identificators[index].text = requester
105
105
  }
106
106
 
@@ -109,12 +109,12 @@ module Ciam::Saml
109
109
  request_doc << REXML::XMLDecl.new("1.0", "UTF-8")
110
110
 
111
111
  #LA FIRMA VA MESSA SOLO NEL CASO CON HTTP POST
112
- # cert = @settings.get_sp_cert
113
- # # embed signature
114
- # if @settings.metadata_signed && @settings.sp_private_key && @settings.sp_cert
115
- # private_key = @settings.get_sp_key
116
- # request_doc.sign_document(private_key, cert)
117
- # end
112
+ cert = @settings.get_cert(@settings.sp_cert)
113
+ # embed signature
114
+ if @settings.metadata_signed && @settings.sp_private_key && @settings.sp_cert
115
+ private_key = @settings.get_sp_key
116
+ request_doc.sign_document(private_key, cert)
117
+ end
118
118
 
119
119
  # stampo come stringa semplice i metadata per non avere problemi con validazione firma
120
120
  #ret = request_doc.to_s
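Review bot: In the last hunk, `cert = @settings.get_cert(@settings.sp_cert)` runs before the guard that tests `@settings.sp_cert`, so a service provider configured without a certificate reaches get_cert with nil; how get_cert handles nil is not visible here, and moving the call inside the `if` removes the question. The same ordering appears in the LogoutRequest hunk further down the page. The embedded signature is now applied whatever the binding, although the comment directly above says it belongs only in the HTTP POST case; with the redirect binding the signature is normally carried in the query string rather than inside the XML, so the condition should also test the binding in use. The guard reuses `@settings.metadata_signed`, which by its name looks like a metadata option, and a dedicated request-signing setting would make the intent explicit. The enclosing method starts and ends outside these hunks.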
@@ -37,11 +37,11 @@ module Ciam::Saml
37
37
  opt = { :name_id => nil, :session_index => nil, :extra_parameters => nil }.merge(options)
38
38
  return nil unless opt[:name_id]
39
39
 
40
- @request = REXML::Document.new
41
- @request.context[:attribute_quote] = :quote
40
+ request_doc = Ciam::XMLSecurityNew::Document.new
41
+ request_doc.context[:attribute_quote] = :quote
42
42
 
43
43
 
44
- root = @request.add_element "saml2p:LogoutRequest", { "xmlns:saml2p" => PROTOCOL }
44
+ root = request_doc.add_element "samlp:LogoutRequest", { "xmlns:samlp" => PROTOCOL }
45
45
  root.attributes['ID'] = @transaction_id
46
46
  root.attributes['IssueInstant'] = @issue_instant
47
47
  root.attributes['Version'] = "2.0"
@@ -62,60 +62,83 @@ module Ciam::Saml
62
62
  name_id.attributes["SPNameQualifier"] = @settings.sp_name_qualifier
63
63
  end
64
64
  if opt[:session_index]
65
- session_index = root.add_element "saml2p:SessionIndex" #, { "xmlns:samlp" => PROTOCOL }
65
+ session_index = root.add_element "samlp:SessionIndex" #, { "xmlns:samlp" => PROTOCOL }
66
66
  session_index.text = opt[:session_index]
67
67
  end
68
- Logging.debug "Created LogoutRequest: #{@request}"
69
- meta = Metadata.new(@settings)
70
- return meta.create_slo_request( to_s, opt[:extra_parameters] )
68
+
69
+ request_doc << REXML::XMLDecl.new("1.0", "UTF-8")
70
+ #sign logout_request
71
+ cert = @settings.get_cert(@settings.sp_cert)
72
+
73
+ # embed signature
74
+ if @settings.metadata_signed && @settings.sp_private_key && @settings.sp_cert
75
+ private_key = @settings.get_sp_key
76
+ request_doc.sign_document(private_key, cert)
77
+ end
78
+
79
+
80
+ puts "Created LogoutRequest: #{request_doc}"
81
+
82
+ #Logout per binding redirect
83
+ # meta = Metadata.new(@settings)
84
+ # slo_req = meta.create_slo_request( request_doc.to_s, opt[:extra_parameters] )
85
+
86
+
87
+ return request_doc.to_s
88
+
71
89
  #action, content = binding_select("SingleLogoutService")
72
90
  #Logging.debug "action: #{action} content: #{content}"
73
91
  #return [action, content]
74
- end
92
+ end
75
93
 
76
- # function to return the created request as an XML document
94
+ # function to return the created request as an XML document
77
95
  def to_xml
78
- text = ""
79
- @request.write(text, 1)
80
- return text
96
+ text = ""
97
+ @request.write(text, 1)
98
+ return text
99
+ end
100
+
101
+ def to_s
102
+ @request.to_s
81
103
  end
82
- def to_s
83
- @request.to_s
84
- end
104
+
85
105
  # Functions for pulling values out from an IdP initiated LogoutRequest
86
- def name_id
87
- element = REXML::XPath.first(@request, "/p:LogoutRequest/a:NameID", {
88
- "p" => PROTOCOL, "a" => ASSERTION } )
89
- return nil if element.nil?
90
- # Can't seem to get this to work right...
91
- #element.context[:compress_whitespace] = ["NameID"]
92
- #element.context[:compress_whitespace] = :all
93
- str = element.text.gsub(/^\s+/, "")
94
- str.gsub!(/\s+$/, "")
95
- return str
96
- end
106
+ def name_id
107
+ element = REXML::XPath.first(@request, "/p:LogoutRequest/a:NameID", {
108
+ "p" => PROTOCOL, "a" => ASSERTION } )
109
+ return nil if element.nil?
110
+ # Can't seem to get this to work right...
111
+ #element.context[:compress_whitespace] = ["NameID"]
112
+ #element.context[:compress_whitespace] = :all
113
+ str = element.text.gsub(/^\s+/, "")
114
+ str.gsub!(/\s+$/, "")
115
+ return str
116
+ end
97
117
 
98
- def transaction_id
99
- return @transaction_id if @transaction_id
100
- element = REXML::XPath.first(@request, "/p:LogoutRequest", {
101
- "p" => PROTOCOL} )
102
- return nil if element.nil?
103
- return element.attributes["ID"]
104
- end
105
- def is_valid?
106
- validate(soft = true)
107
- end
118
+ def transaction_id
119
+ return @transaction_id if @transaction_id
120
+ element = REXML::XPath.first(@request, "/p:LogoutRequest", {
121
+ "p" => PROTOCOL} )
122
+ return nil if element.nil?
123
+ return element.attributes["ID"]
124
+ end
125
+
126
+ def is_valid?
127
+ validate(soft = true)
128
+ end
108
129
 
109
- def validate!
110
- validate( soft = false )
111
- end
112
- def validate( soft = true )
113
- return false if @request.nil?
114
- return false if @request.validate(@settings, soft) == false
115
-
116
- return true
117
-
118
- end
130
+ def validate!
131
+ validate( soft = false )
132
+ end
133
+
134
+ def validate( soft = true )
135
+ return false if @request.nil?
136
+ return false if @request.validate(@settings, soft) == false
137
+
138
+ return true
139
+
140
+ end
141
+
119
142
  private
120
143
 
121
144
  def self.timestamp
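Review bot: The request is now built in a local `request_doc` and `@request` is never assigned in this method, yet `to_xml` and `to_s` further down still read `@request`; unless it is set elsewhere (not visible here), `to_xml` will fail on nil after a request has been created. Adding `@request = request_doc` before `return request_doc.to_s` keeps those accessors working. The debug line became `puts "Created LogoutRequest: #{request_doc}"`, which writes the full signed request, including NameID and SessionIndex, to standard output on every logout; `Logging.debug "Created LogoutRequest: #{request_doc}"` would keep it behind the log level. The commented-out lines left after the `return` are unreachable leftovers and could be dropped.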
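--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: ciam-es
  version: !ruby/object:Gem::Version
- version: 0.0.2
+ version: 0.0.3
  platform: ruby
  authors:
  - Fabiano Pavan
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-07-31 00:00:00.000000000 Z
+ date: 2020-08-05 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: canonix
@@ -138,7 +138,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.6
+ rubygems_version: 3.0.8
  signing_key:
  specification_version: 4
  summary: SAML Ruby Tookit CIAM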