ciam-es 0.0.3 → 0.0.8

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8776dcc691c65c5104bc990b84c51693a1e9df07f22a9775c1459a68b58bb938
4
- data.tar.gz: 197e0f5cf866e9eae24bdcff42daacfad4f2adc1dfe21c8f1a7e5edc829b7e21
3
+ metadata.gz: bb9b46bf824cdacb850c58b9738b9d721c867f581b408c31bb73c8825ffd12e6
4
+ data.tar.gz: 4ce376174e42c4591a92b69492dc74d99a4bbac0bcf2f4e52ef8ba5dcc5f795e
5
5
  SHA512:
6
- metadata.gz: e4339837cc5e758da12008514e6f4b68323493c8142d98094cc77a09a42af152e03ad9b4f0e70c7673b9f69dd0238ddd5c146dca8688757c66cdfde4b772d3a8
7
- data.tar.gz: c6485798511c4ff4f37edc60319d78aace2515987376291256d23cea9f097e44a933e976c2b1e31be73c5798fa42265f989f3a55563f9e658567a56de46a4fc1
6
+ metadata.gz: 9c97441c42eaeee5054c18d60d453dd9c484f33497974ff7bf8570efcfe638a3a1084529b486c837cbbef703f2f2ea6ffb9fbdd2c1225d6c2b98584b6be5eb57
7
+ data.tar.gz: 2172dedd7b152474215633d2cdae4e7bf3f15bed9c8ac52ec4175bce16490104140a23c6d65560b96dbbcb563a2730b7d99ad5e9535eae64dad4981e957af9d1
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = 'ciam-es'
5
- s.version = '0.0.3'
5
+ s.version = '0.0.8'
6
6
 
7
7
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
8
8
  s.authors = ["Fabiano Pavan"]
@@ -41,26 +41,24 @@ module Ciam::Saml
41
41
  request_doc.context[:attribute_quote] = :quote
42
42
 
43
43
 
44
- root = request_doc.add_element "samlp:LogoutRequest", { "xmlns:samlp" => PROTOCOL }
44
+ root = request_doc.add_element "samlp:LogoutRequest", { "xmlns:samlp" => PROTOCOL, "xmlns:saml" => ASSERTION }
45
45
  root.attributes['ID'] = @transaction_id
46
46
  root.attributes['IssueInstant'] = @issue_instant
47
47
  root.attributes['Version'] = "2.0"
48
48
  root.attributes['Destination'] = @settings.single_logout_destination
49
49
 
50
- issuer = root.add_element "saml2:Issuer", { "xmlns:saml2" => ASSERTION }
51
- issuer.attributes['Format'] = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
52
- #issuer.text = @settings.issuer
53
- #per la federazione trentina qui ci vanno i metadati...
54
- issuer.text = @settings.idp_metadata
50
+ issuer = root.add_element "saml:Issuer"#, { "xmlns:saml2" => ASSERTION }
51
+ #issuer.attributes['Format'] = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
52
+ issuer.text = @settings.issuer
55
53
 
56
- name_id = root.add_element "saml2:NameID", { "xmlns:saml2" => ASSERTION }
54
+ name_id = root.add_element "saml:NameID"#, { "xmlns:saml2" => ASSERTION }
57
55
  name_id.attributes['Format'] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
58
56
  name_id.attributes['NameQualifier'] = @settings.idp_name_qualifier
59
57
  name_id.text = opt[:name_id]
60
58
  # I believe the rest of these are optional
61
- if @settings && @settings.sp_name_qualifier
62
- name_id.attributes["SPNameQualifier"] = @settings.sp_name_qualifier
63
- end
59
+ # if @settings && @settings.sp_name_qualifier
60
+ # name_id.attributes["SPNameQualifier"] = @settings.sp_name_qualifier
61
+ # end
64
62
  if opt[:session_index]
65
63
  session_index = root.add_element "samlp:SessionIndex" #, { "xmlns:samlp" => PROTOCOL }
66
64
  session_index.text = opt[:session_index]
@@ -5,13 +5,15 @@ require "rexml/document"
5
5
  module Ciam
6
6
  module Saml
7
7
  class LogoutResponse
8
- include Coding
8
+ include Coding
9
9
  include Request
10
10
  ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
11
11
  PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
12
12
  DSIG = "http://www.w3.org/2000/09/xmldsig#"
13
13
 
14
- def initialize( options = { } )
14
+ attr_accessor :settings
15
+
16
+ def initialize( options = { } )
15
17
  opt = { :response => nil, :settings => nil }.merge(options)
16
18
  # We've recieved a LogoutResponse from the IdP
17
19
  if opt[:response]
@@ -32,7 +34,7 @@ module Ciam
32
34
  if opt[:settings]
33
35
  @settings = opt[:settings]
34
36
  end
35
- end
37
+ end
36
38
 
37
39
  # Create a LogoutResponse to to the IdP's LogoutRequest
38
40
  # (For IdP initiated SLO)
@@ -42,11 +44,12 @@ module Ciam
42
44
  :status => "urn:oasis:names:tc:SAML:2.0:status:Success",
43
45
  :extra_parameters => nil }.merge(options)
44
46
  return nil if opt[:transaction_id].nil?
45
- @response = REXML::Document.new
46
- @response.context[:attribute_quote] = :quote
47
+ response_doc = Ciam::XMLSecurityNew::Document.new
48
+ response_doc.context[:attribute_quote] = :quote
49
+
47
50
  uuid = "_" + UUID.new.generate
48
51
  time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
49
- root = @response.add_element "saml2p:LogoutResponse", { "xmlns:saml2p" => PROTOCOL }
52
+ root = response_doc.add_element "saml2p:LogoutResponse", { "xmlns:saml2p" => PROTOCOL }
50
53
  root.attributes['ID'] = uuid
51
54
  root.attributes['IssueInstant'] = time
52
55
  root.attributes['Version'] = "2.0"
@@ -68,44 +71,56 @@ module Ciam
68
71
  }
69
72
  issuer.text = @settings.issuer
70
73
  end
71
- meta = Metadata.new( @settings )
72
- Logging.debug "Created LogoutResponse:\n#{@response}"
73
- return meta.create_slo_response( to_s, opt[:extra_parameters] )
74
+
75
+ response_doc << REXML::XMLDecl.new("1.0", "UTF-8")
76
+ #sign logout_response
77
+ cert = @settings.get_cert(@settings.sp_cert)
78
+
79
+ # embed signature
80
+ if @settings.metadata_signed && @settings.sp_private_key && @settings.sp_cert
81
+ private_key = @settings.get_sp_key
82
+ response_doc.sign_document(private_key, cert)
83
+ end
74
84
 
75
- #root.attributes['Destination'] = action
85
+ Logging.debug "Created LogoutResponse:\n #{response_doc}"
76
86
 
87
+ return response_doc.to_s
88
+
77
89
  end
90
+
78
91
  # function to return the created request as an XML document
79
92
  def to_xml
80
93
  text = ""
81
94
  @response.write(text, 1)
82
95
  return text
83
96
  end
97
+
84
98
  def to_s
85
99
  @response.to_s
86
100
  end
87
101
 
88
- def issuer
89
- element = REXML::XPath.first(@response, "/p:LogoutResponse/a:Issuer", {
90
- "p" => PROTOCOL, "a" => ASSERTION} )
91
- return nil if element.nil?
92
- element.text
93
- end
102
+ def issuer
103
+ element = REXML::XPath.first(@response, "/p:LogoutResponse/a:Issuer", {
104
+ "p" => PROTOCOL, "a" => ASSERTION} )
105
+ return nil if element.nil?
106
+ element.text
107
+ end
94
108
 
95
- def in_response_to
109
+ def in_response_to
96
110
  element = REXML::XPath.first(@response, "/p:LogoutResponse", {
97
111
  "p" => PROTOCOL })
98
112
  return nil if element.nil?
99
- element.attributes["InResponseTo"]
100
- end
113
+ element.attributes["InResponseTo"]
114
+ end
101
115
 
102
- def success?
116
+ def success?
103
117
  element = REXML::XPath.first(@response, "/p:LogoutResponse/p:Status/p:StatusCode", {
104
118
  "p" => PROTOCOL })
105
119
  return false if element.nil?
106
- element.attributes["Value"] == "urn:oasis:names:tc:SAML:2.0:status:Success"
107
-
108
- end
120
+ element.attributes["Value"] == "urn:oasis:names:tc:SAML:2.0:status:Success"
121
+
122
+ end
123
+
109
124
  def is_valid?
110
125
  validate(soft = true)
111
126
  end
@@ -113,6 +128,7 @@ module Ciam
113
128
  def validate!
114
129
  validate( soft = false )
115
130
  end
131
+
116
132
  def validate( soft = true )
117
133
  return false if @response.nil?
118
134
  # Skip validation with a failed response if we don't have settings
@@ -123,10 +139,12 @@ module Ciam
123
139
 
124
140
  end
125
141
 
126
- protected
142
+ protected
143
+
127
144
  def document
128
145
  REXML::Document.new(@response)
129
146
  end
130
- end
147
+
148
+ end
131
149
  end
132
150
  end
@@ -30,18 +30,10 @@ module Ciam
30
30
  def generate(settings)
31
31
  #meta_doc = REXML::Document.new
32
32
  meta_doc = Ciam::XMLSecurityNew::Document.new
33
- if settings.aggregato
34
- root = meta_doc.add_element "md:EntityDescriptor", {
35
- "xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata",
36
- "xmlns:xml" => "http://www.w3.org/XML/1998/namespace",
37
- "xmlns:ciam" => "https://ciam.gov.it/saml-extensions",
38
- }
39
- else
40
- root = meta_doc.add_element "md:EntityDescriptor", {
33
+ root = meta_doc.add_element "md:EntityDescriptor", {
41
34
  "xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata",
42
35
  "xmlns:xml" => "http://www.w3.org/XML/1998/namespace"
43
36
  }
44
- end
45
37
 
46
38
  if settings.issuer != nil
47
39
  root.attributes["entityID"] = settings.issuer
@@ -223,53 +215,12 @@ module Ciam
223
215
  "xml:lang" => "it"
224
216
  }
225
217
 
226
- org_display_name.text = settings.organization['org_display_name']+(settings.aggregato ? " tramite #{settings.hash_aggregatore['soggetto_aggregatore']}" : '')
218
+ org_display_name.text = settings.organization['org_display_name']
227
219
  org_url = organization.add_element "md:OrganizationURL", {
228
220
  "xml:lang" => "it"
229
221
  }
230
222
  org_url.text = settings.organization['org_url']
231
223
 
232
- #ContactPerson per sp aggregato
233
- if settings.aggregato
234
- contact_person_aggregatore = root.add_element "md:ContactPerson", {
235
- "contactType" => "other",
236
- "ciam:entityType" => "ciam:aggregator"
237
- }
238
- company = contact_person_aggregatore.add_element "md:Company"
239
- company.text = settings.hash_aggregatore['soggetto_aggregatore']
240
-
241
- extensions_aggregatore = contact_person_aggregatore.add_element "md:Extensions"
242
- vat_number_aggregatore = extensions_aggregatore.add_element "ciam:VATNumber"
243
- vat_number_aggregatore.text = settings.hash_aggregatore['piva_aggregatore']
244
-
245
- ipa_code_aggregatore = extensions_aggregatore.add_element "ciam:IPACode"
246
- ipa_code_aggregatore.text = settings.hash_aggregatore['cipa_aggregatore']
247
-
248
- fiscal_code_aggregatore = extensions_aggregatore.add_element "ciam:FiscalCode"
249
- fiscal_code_aggregatore.text = settings.hash_aggregatore['cf_aggregatore']
250
-
251
- contact_person_aggregato = root.add_element "md:ContactPerson", {
252
- "contactType" => "other",
253
- "ciam:entityType" => "ciam:aggregated"
254
- }
255
- company = contact_person_aggregato.add_element "md:Company"
256
- company.text = settings.organization['org_name']
257
-
258
- extensions_aggregato = contact_person_aggregato.add_element "md:Extensions"
259
- unless settings.hash_aggregatore['soggetto_aggregato']['vat_number'].blank?
260
- vat_number_aggregato = extensions_aggregato.add_element "ciam:VATNumber"
261
- vat_number_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['vat_number']
262
- end
263
- unless settings.hash_aggregatore['soggetto_aggregato']['ipa_code'].blank?
264
- ipa_code_aggregato = extensions_aggregato.add_element "ciam:IPACode"
265
- ipa_code_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['ipa_code']
266
- end
267
- unless settings.hash_aggregatore['soggetto_aggregato']['fiscal_code'].blank?
268
- fiscal_code_aggregato = extensions_aggregato.add_element "ciam:FiscalCode"
269
- fiscal_code_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['fiscal_code']
270
- end
271
- end
272
-
273
224
  #meta_doc << REXML::XMLDecl.new(version='1.0', encoding='UTF-8')
274
225
  meta_doc << REXML::XMLDecl.new("1.0", "UTF-8")
275
226
 
@@ -98,8 +98,13 @@ module Ciam
98
98
  parse_time(node, "SessionNotOnOrAfter")
99
99
  end
100
100
  end
101
-
102
101
 
102
+ def session_index
103
+ @session_index ||= begin
104
+ node = REXML::XPath.first(document, "/p:Response/a:Assertion/a:AuthnStatement", { "p" => PROTOCOL, "a" => ASSERTION })
105
+ node.attributes["SessionIndex"] unless node.blank?
106
+ end
107
+ end
103
108
 
104
109
  # Checks the status of the response for a "Success" code
105
110
  def success?
@@ -166,12 +171,6 @@ module Ciam
166
171
 
167
172
  }
168
173
 
169
- issuer_assertion_nodes.each{ |iss|
170
- #controllo: L'attributo Format di Issuer deve essere presente con il valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity
171
- return (soft ? false : validation_error("Elemento Issuer non ha formato corretto ")) if iss.attributes['Format'] != 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
172
-
173
- }
174
-
175
174
  nodes = issuer_response_nodes + issuer_assertion_nodes
176
175
 
177
176
  nodes.map { |node| Utils.element_text(node) }.compact.uniq
@@ -10,7 +10,7 @@ module Ciam
10
10
  attr_accessor :name_identifier_value, :name_identifier_format
11
11
  attr_accessor :sessionindex, :issuer, :destination_service_url, :authn_context, :requester_identificator
12
12
  attr_accessor :single_logout_service_url, :single_logout_service_binding, :single_logout_destination
13
- attr_accessor :skip_validation, :aggregato, :hash_aggregatore
13
+ attr_accessor :skip_validation
14
14
 
15
15
  def initialize(config = {})
16
16
  config.each do |k,v|
@@ -1,5 +1,5 @@
1
1
  module Ciam
2
2
  module Saml
3
- VERSION = '0.6.0'
3
+ VERSION = '0.7.0'
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ciam-es
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.3
4
+ version: 0.0.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Fabiano Pavan
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-05 00:00:00.000000000 Z
11
+ date: 2020-09-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: canonix