ciam-es 0.0.3 → 0.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8776dcc691c65c5104bc990b84c51693a1e9df07f22a9775c1459a68b58bb938
-  data.tar.gz: 197e0f5cf866e9eae24bdcff42daacfad4f2adc1dfe21c8f1a7e5edc829b7e21
+  metadata.gz: bb9b46bf824cdacb850c58b9738b9d721c867f581b408c31bb73c8825ffd12e6
+  data.tar.gz: 4ce376174e42c4591a92b69492dc74d99a4bbac0bcf2f4e52ef8ba5dcc5f795e
 SHA512:
-  metadata.gz: e4339837cc5e758da12008514e6f4b68323493c8142d98094cc77a09a42af152e03ad9b4f0e70c7673b9f69dd0238ddd5c146dca8688757c66cdfde4b772d3a8
-  data.tar.gz: c6485798511c4ff4f37edc60319d78aace2515987376291256d23cea9f097e44a933e976c2b1e31be73c5798fa42265f989f3a55563f9e658567a56de46a4fc1
+  metadata.gz: 9c97441c42eaeee5054c18d60d453dd9c484f33497974ff7bf8570efcfe638a3a1084529b486c837cbbef703f2f2ea6ffb9fbdd2c1225d6c2b98584b6be5eb57
+  data.tar.gz: 2172dedd7b152474215633d2cdae4e7bf3f15bed9c8ac52ec4175bce16490104140a23c6d65560b96dbbcb563a2730b7d99ad5e9535eae64dad4981e957af9d1

data/ciam-es.gemspec

@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 
 Gem::Specification.new do |s|
   s.name = 'ciam-es'
-  s.version = '0.0.3'
+  s.version = '0.0.8'
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Fabiano Pavan"]

data/lib/ciam/ruby-saml/logout_request.rb

@@ -41,26 +41,24 @@ module Ciam::Saml
       request_doc.context[:attribute_quote] = :quote
       
                                 
-      root = request_doc.add_element "samlp:LogoutRequest", { "xmlns:samlp" => PROTOCOL }
+      root = request_doc.add_element "samlp:LogoutRequest", { "xmlns:samlp" => PROTOCOL, "xmlns:saml" => ASSERTION }
       root.attributes['ID'] = @transaction_id
       root.attributes['IssueInstant'] = @issue_instant
       root.attributes['Version'] = "2.0"
       root.attributes['Destination'] = @settings.single_logout_destination
       
-      issuer = root.add_element "saml2:Issuer", { "xmlns:saml2" => ASSERTION  }
-      issuer.attributes['Format'] = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
-      #issuer.text = @settings.issuer
-      #per la federazione trentina qui ci vanno i metadati...
-      issuer.text = @settings.idp_metadata
+      issuer = root.add_element "saml:Issuer"#, { "xmlns:saml2" => ASSERTION  }
+      #issuer.attributes['Format'] = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
+      issuer.text = @settings.issuer
 
-      name_id = root.add_element "saml2:NameID", { "xmlns:saml2" => ASSERTION }
+      name_id = root.add_element "saml:NameID"#, { "xmlns:saml2" => ASSERTION }
       name_id.attributes['Format'] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
       name_id.attributes['NameQualifier'] = @settings.idp_name_qualifier
       name_id.text = opt[:name_id]
       # I believe the rest of these are optional
-      if @settings && @settings.sp_name_qualifier
-        name_id.attributes["SPNameQualifier"] = @settings.sp_name_qualifier
-      end
+      # if @settings && @settings.sp_name_qualifier
+      #   name_id.attributes["SPNameQualifier"] = @settings.sp_name_qualifier
+      # end
       if opt[:session_index] 
         session_index = root.add_element "samlp:SessionIndex" #, { "xmlns:samlp" => PROTOCOL }
         session_index.text = opt[:session_index]

data/lib/ciam/ruby-saml/logout_response.rb

@@ -5,13 +5,15 @@ require "rexml/document"
 module Ciam
   module Saml
     class LogoutResponse
-      include Coding
+        include Coding
 		include Request
 		ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
 		PROTOCOL  = "urn:oasis:names:tc:SAML:2.0:protocol"
 		DSIG      = "http://www.w3.org/2000/09/xmldsig#"
 
-      def initialize( options = { } )
+		attr_accessor :settings
+
+		def initialize( options = { } )
 			opt = { :response => nil, :settings => nil }.merge(options)
 			# We've recieved a LogoutResponse from the IdP 
 			if opt[:response]
@@ -32,7 +34,7 @@ module Ciam
 			if opt[:settings]
 				@settings = opt[:settings]
 			end
-      end
+		end
 
 		# Create a LogoutResponse to to the IdP's LogoutRequest
 		#  (For IdP initiated SLO)
@@ -42,11 +44,12 @@ module Ciam
 				:status => "urn:oasis:names:tc:SAML:2.0:status:Success", 
 				:extra_parameters => nil }.merge(options)
 			return nil if opt[:transaction_id].nil?
-			@response = REXML::Document.new
-			@response.context[:attribute_quote] = :quote
+			response_doc = Ciam::XMLSecurityNew::Document.new
+			response_doc.context[:attribute_quote] = :quote
+
 			uuid = "_" + UUID.new.generate
 			time = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
-			root = @response.add_element "saml2p:LogoutResponse", { "xmlns:saml2p" => PROTOCOL }
+			root = response_doc.add_element "saml2p:LogoutResponse", { "xmlns:saml2p" => PROTOCOL }
 			root.attributes['ID'] = uuid
 			root.attributes['IssueInstant'] = time
 			root.attributes['Version'] = "2.0"
@@ -68,44 +71,56 @@ module Ciam
 				}
 				issuer.text = @settings.issuer
 			end
-			meta = Metadata.new( @settings )
-			Logging.debug "Created LogoutResponse:\n#{@response}"
-			return meta.create_slo_response( to_s, opt[:extra_parameters] )
+
+			response_doc << REXML::XMLDecl.new("1.0", "UTF-8")
+      		#sign logout_response
+      		cert = @settings.get_cert(@settings.sp_cert)
+
+			# embed signature
+			if @settings.metadata_signed && @settings.sp_private_key && @settings.sp_cert
+				private_key = @settings.get_sp_key
+				response_doc.sign_document(private_key, cert)
+			  end
 			
-			#root.attributes['Destination'] = action
+			Logging.debug "Created LogoutResponse:\n #{response_doc}"
 			
+			return response_doc.to_s
+
 		end
+
 		# function to return the created request as an XML document
 		def to_xml
 			text = ""
 			@response.write(text, 1)
 			return text
 		end
+
 		def to_s
 			@response.to_s
 		end
 		
-      def issuer
-			element = REXML::XPath.first(@response, "/p:LogoutResponse/a:Issuer", { 
-						"p" => PROTOCOL, "a" => ASSERTION} )
-			return nil if element.nil?
-			element.text
-      end
+		def issuer
+				element = REXML::XPath.first(@response, "/p:LogoutResponse/a:Issuer", { 
+							"p" => PROTOCOL, "a" => ASSERTION} )
+				return nil if element.nil?
+				element.text
+		end
 
-      def in_response_to
+		def in_response_to
 			element = REXML::XPath.first(@response, "/p:LogoutResponse", {
 					 "p" => PROTOCOL })
 			return nil if element.nil?
-        element.attributes["InResponseTo"]
-      end
+        	element.attributes["InResponseTo"]
+      	end
 
-      def success?
+      	def success?
 			element = REXML::XPath.first(@response, "/p:LogoutResponse/p:Status/p:StatusCode", {
 					"p" => PROTOCOL })
 			return false if element.nil?
-        element.attributes["Value"] == "urn:oasis:names:tc:SAML:2.0:status:Success"
-        
-      end
+			element.attributes["Value"] == "urn:oasis:names:tc:SAML:2.0:status:Success"
+			
+		end
+
 		def is_valid?
 			validate(soft = true)
 		end
@@ -113,6 +128,7 @@ module Ciam
 		def validate!
 			validate( soft = false )
 		end
+
 		def validate( soft = true )
 			return false if @response.nil?
 			# Skip validation with a failed response if we don't have settings
@@ -123,10 +139,12 @@ module Ciam
 			
 		end
 
-    protected
+	protected
+	
       def document
         REXML::Document.new(@response)
       end
-    end
+	
+	end
   end
 end

data/lib/ciam/ruby-saml/metadata.rb

@@ -30,18 +30,10 @@ module Ciam
       def generate(settings)
         #meta_doc = REXML::Document.new
         meta_doc = Ciam::XMLSecurityNew::Document.new
-        if settings.aggregato
-          root = meta_doc.add_element "md:EntityDescriptor", { 
-            "xmlns:md"        => "urn:oasis:names:tc:SAML:2.0:metadata",
-            "xmlns:xml"       => "http://www.w3.org/XML/1998/namespace",
-            "xmlns:ciam"        => "https://ciam.gov.it/saml-extensions",
-          }
-        else
-          root = meta_doc.add_element "md:EntityDescriptor", { 
+        root = meta_doc.add_element "md:EntityDescriptor", { 
             "xmlns:md"        => "urn:oasis:names:tc:SAML:2.0:metadata",
             "xmlns:xml"       => "http://www.w3.org/XML/1998/namespace"
           }
-        end
         
         if settings.issuer != nil
           root.attributes["entityID"] = settings.issuer
@@ -223,53 +215,12 @@ module Ciam
             "xml:lang" => "it"
         }
     
-        org_display_name.text = settings.organization['org_display_name']+(settings.aggregato ? " tramite #{settings.hash_aggregatore['soggetto_aggregatore']}" : '')
+        org_display_name.text = settings.organization['org_display_name']
         org_url = organization.add_element "md:OrganizationURL", {
             "xml:lang" => "it"
         }
         org_url.text = settings.organization['org_url']
 
-        #ContactPerson per sp aggregato
-        if settings.aggregato
-          contact_person_aggregatore = root.add_element "md:ContactPerson", {
-            "contactType" => "other",
-            "ciam:entityType" => "ciam:aggregator"
-          }
-          company = contact_person_aggregatore.add_element "md:Company"
-          company.text = settings.hash_aggregatore['soggetto_aggregatore']
-
-          extensions_aggregatore = contact_person_aggregatore.add_element "md:Extensions"
-          vat_number_aggregatore = extensions_aggregatore.add_element "ciam:VATNumber"
-          vat_number_aggregatore.text = settings.hash_aggregatore['piva_aggregatore']
-          
-          ipa_code_aggregatore = extensions_aggregatore.add_element "ciam:IPACode"
-          ipa_code_aggregatore.text = settings.hash_aggregatore['cipa_aggregatore']
-
-          fiscal_code_aggregatore = extensions_aggregatore.add_element "ciam:FiscalCode"
-          fiscal_code_aggregatore.text = settings.hash_aggregatore['cf_aggregatore']
-
-          contact_person_aggregato = root.add_element "md:ContactPerson", {
-            "contactType" => "other",
-            "ciam:entityType" => "ciam:aggregated"
-          }
-          company = contact_person_aggregato.add_element "md:Company"
-          company.text = settings.organization['org_name']
-
-          extensions_aggregato = contact_person_aggregato.add_element "md:Extensions"
-          unless settings.hash_aggregatore['soggetto_aggregato']['vat_number'].blank?
-            vat_number_aggregato = extensions_aggregato.add_element "ciam:VATNumber"
-            vat_number_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['vat_number']
-          end
-          unless settings.hash_aggregatore['soggetto_aggregato']['ipa_code'].blank?
-            ipa_code_aggregato = extensions_aggregato.add_element "ciam:IPACode" 
-            ipa_code_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['ipa_code']
-          end
-          unless settings.hash_aggregatore['soggetto_aggregato']['fiscal_code'].blank?
-            fiscal_code_aggregato = extensions_aggregato.add_element "ciam:FiscalCode" 
-            fiscal_code_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['fiscal_code']
-          end
-        end
-
         #meta_doc << REXML::XMLDecl.new(version='1.0', encoding='UTF-8')
         meta_doc << REXML::XMLDecl.new("1.0", "UTF-8")
 

data/lib/ciam/ruby-saml/response.rb

@@ -98,8 +98,13 @@ module Ciam
             parse_time(node, "SessionNotOnOrAfter")
           end
         end
-        
 
+        def session_index
+          @session_index ||= begin
+            node = REXML::XPath.first(document, "/p:Response/a:Assertion/a:AuthnStatement", { "p" => PROTOCOL, "a" => ASSERTION })
+            node.attributes["SessionIndex"] unless node.blank?
+          end
+        end
 
         # Checks the status of the response for a "Success" code
         def success?
@@ -166,12 +171,6 @@ module Ciam
 
             }
 
-            issuer_assertion_nodes.each{ |iss|
-              #controllo: L'attributo Format di Issuer deve essere presente con il valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity
-              return (soft ? false : validation_error("Elemento Issuer non ha formato corretto ")) if iss.attributes['Format'] != 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
-
-            }
-
             nodes = issuer_response_nodes + issuer_assertion_nodes
 
             nodes.map { |node| Utils.element_text(node) }.compact.uniq

data/lib/ciam/ruby-saml/settings.rb

@@ -10,7 +10,7 @@ module Ciam
       attr_accessor :name_identifier_value, :name_identifier_format
       attr_accessor :sessionindex, :issuer, :destination_service_url, :authn_context, :requester_identificator
       attr_accessor :single_logout_service_url, :single_logout_service_binding, :single_logout_destination
-      attr_accessor :skip_validation, :aggregato, :hash_aggregatore
+      attr_accessor :skip_validation
     
       def initialize(config = {})
         config.each do |k,v|

data/lib/ciam/ruby-saml/version.rb

@@ -1,5 +1,5 @@
 module Ciam
   module Saml
-    VERSION = '0.6.0'
+    VERSION = '0.7.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ciam-es
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.8
 platform: ruby
 authors:
 - Fabiano Pavan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-05 00:00:00.000000000 Z
+date: 2020-09-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: canonix