cie-es 0.0.3 → 0.0.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.document +0 -0
- data/Gemfile +0 -0
- data/LICENSE +0 -0
- data/README.md +0 -0
- data/Rakefile +0 -0
- data/cie-es.gemspec +1 -1
- data/lib/cie-es.rb +0 -0
- data/lib/cie/ruby-saml/authrequest.rb +12 -10
- data/lib/cie/ruby-saml/coding.rb +0 -0
- data/lib/cie/ruby-saml/error_handling.rb +0 -0
- data/lib/cie/ruby-saml/logging.rb +0 -0
- data/lib/cie/ruby-saml/logout_request.rb +0 -0
- data/lib/cie/ruby-saml/logout_response.rb +0 -0
- data/lib/cie/ruby-saml/metadata.rb +99 -38
- data/lib/cie/ruby-saml/request.rb +0 -0
- data/lib/cie/ruby-saml/response.rb +8 -8
- data/lib/cie/ruby-saml/settings.rb +2 -2
- data/lib/cie/ruby-saml/utils.rb +0 -0
- data/lib/cie/ruby-saml/validation_error.rb +0 -0
- data/lib/cie/ruby-saml/version.rb +0 -0
- data/lib/cie/xml_security.rb +0 -0
- data/lib/cie/xml_security_new.rb +1 -1
- data/lib/schemas/saml20assertion_schema.xsd +0 -0
- data/lib/schemas/saml20protocol_schema.xsd +0 -0
- data/lib/schemas/xenc_schema.xsd +0 -0
- data/lib/schemas/xmldsig_schema.xsd +0 -0
- data/test/certificates/certificate1 +0 -0
- data/test/logoutrequest_test.rb +0 -0
- data/test/request_test.rb +0 -0
- data/test/response_test.rb +0 -0
- data/test/responses/adfs_response_sha1.xml +0 -0
- data/test/responses/adfs_response_sha256.xml +0 -0
- data/test/responses/adfs_response_sha384.xml +0 -0
- data/test/responses/adfs_response_sha512.xml +0 -0
- data/test/responses/no_signature_ns.xml +0 -0
- data/test/responses/open_saml_response.xml +0 -0
- data/test/responses/response1.xml.base64 +0 -0
- data/test/responses/response2.xml.base64 +0 -0
- data/test/responses/response3.xml.base64 +0 -0
- data/test/responses/response4.xml.base64 +0 -0
- data/test/responses/response5.xml.base64 +0 -0
- data/test/responses/response_with_ampersands.xml +0 -0
- data/test/responses/response_with_ampersands.xml.base64 +0 -0
- data/test/responses/simple_saml_php.xml +0 -0
- data/test/responses/wrapped_response_2.xml.base64 +0 -0
- data/test/settings_test.rb +0 -0
- data/test/test_helper.rb +0 -0
- data/test/xml_security_test.rb +0 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e9b45df15ab2a270e39bababdbfe65400e2b71579f595f9f1ea984d4eea22f9a
|
|
4
|
+
data.tar.gz: 33d10e6d3434f710053ca31696498318e7cb8422e95a052ae0e067406581dbef
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f108fb0af0e6bbe2ba8277763d88399e94f6b3d7b1c3cb3cef629b59c7bff06f5033fb708e2b273ec9296c8aeff5404d62af9bba0da16742c26f80f20a7b2aa4
|
|
7
|
+
data.tar.gz: ea5a8cd9060333536452a6e95608cea296d225be6fe2251c3aecf175e190649b53da7f519fe5ff7ee34edbf1984ecb54171bca3a79aa994366bda08b65b45e88
|
data/.document
CHANGED
|
File without changes
|
data/Gemfile
CHANGED
|
File without changes
|
data/LICENSE
CHANGED
|
File without changes
|
data/README.md
CHANGED
|
File without changes
|
data/Rakefile
CHANGED
|
File without changes
|
data/cie-es.gemspec
CHANGED
|
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |s|
|
|
4
4
|
s.name = 'cie-es'
|
|
5
|
-
s.version = '0.0.
|
|
5
|
+
s.version = '0.0.8'
|
|
6
6
|
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
8
8
|
s.authors = ["Fabiano Pavan"]
|
data/lib/cie-es.rb
CHANGED
|
File without changes
|
|
@@ -35,7 +35,7 @@ module Cie::Saml
|
|
|
35
35
|
root.attributes['ID'] = uuid
|
|
36
36
|
root.attributes['IssueInstant'] = time
|
|
37
37
|
root.attributes['Version'] = "2.0"
|
|
38
|
-
root.attributes['ProtocolBinding'] =
|
|
38
|
+
root.attributes['ProtocolBinding'] = HTTP_POST
|
|
39
39
|
root.attributes['AttributeConsumingServiceIndex'] = @settings.assertion_consumer_service_index
|
|
40
40
|
root.attributes['ForceAuthn'] = "true"
|
|
41
41
|
root.attributes["AssertionConsumerServiceURL"] = @settings.assertion_consumer_service_url
|
|
@@ -132,23 +132,25 @@ module Cie::Saml
|
|
|
132
132
|
metadata = Metadata::new
|
|
133
133
|
meta_doc = metadata.get_idp_metadata(@settings)
|
|
134
134
|
|
|
135
|
-
# first try
|
|
135
|
+
# first try GET
|
|
136
136
|
sso_element = REXML::XPath.first(meta_doc,
|
|
137
|
-
"/EntityDescriptor/IDPSSODescriptor/SingleSignOnService[@Binding='#{
|
|
137
|
+
"/EntityDescriptor/IDPSSODescriptor/SingleSignOnService[@Binding='#{HTTP_GET}']")
|
|
138
138
|
if sso_element
|
|
139
139
|
@URL = sso_element.attributes["Location"]
|
|
140
|
-
|
|
141
|
-
return "
|
|
140
|
+
Logging.debug "binding_select: GET from #{@URL}"
|
|
141
|
+
return "GET", content_get
|
|
142
142
|
end
|
|
143
|
-
|
|
144
|
-
#
|
|
143
|
+
|
|
144
|
+
# then try POST
|
|
145
145
|
sso_element = REXML::XPath.first(meta_doc,
|
|
146
|
-
"/EntityDescriptor/IDPSSODescriptor/SingleSignOnService[@Binding='#{
|
|
146
|
+
"/EntityDescriptor/IDPSSODescriptor/SingleSignOnService[@Binding='#{HTTP_POST}']")
|
|
147
147
|
if sso_element
|
|
148
148
|
@URL = sso_element.attributes["Location"]
|
|
149
|
-
Logging.debug "binding_select:
|
|
150
|
-
return "
|
|
149
|
+
#Logging.debug "binding_select: POST to #{@URL}"
|
|
150
|
+
return "POST", content_post
|
|
151
151
|
end
|
|
152
|
+
|
|
153
|
+
|
|
152
154
|
# other types we might want to add in the future: SOAP, Artifact
|
|
153
155
|
end
|
|
154
156
|
|
data/lib/cie/ruby-saml/coding.rb
CHANGED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
@@ -33,14 +33,17 @@ module Cie
|
|
|
33
33
|
meta_doc = Cie::XMLSecurityNew::Document.new
|
|
34
34
|
root = meta_doc.add_element "md:EntityDescriptor", {
|
|
35
35
|
"xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata",
|
|
36
|
-
"xmlns:xml" => "http://www.w3.org/XML/1998/namespace"
|
|
36
|
+
"xmlns:xml" => "http://www.w3.org/XML/1998/namespace",
|
|
37
|
+
"xmlns:cie" => "https://www.cartaidentita.interno.gov.it/saml-extensions"
|
|
37
38
|
}
|
|
38
39
|
if settings.issuer != nil
|
|
39
40
|
root.attributes["entityID"] = settings.issuer
|
|
40
41
|
end
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
42
|
+
|
|
43
|
+
#Tolgo attributo ID per avere il metadata uguale e non farlo cambiare continuamente
|
|
44
|
+
# uuid = "_" + UUID.new.generate
|
|
45
|
+
# self.uuid = uuid
|
|
46
|
+
# root.attributes["ID"] = uuid
|
|
44
47
|
|
|
45
48
|
sp_sso = root.add_element "md:SPSSODescriptor", {
|
|
46
49
|
"protocolSupportEnumeration" => "urn:oasis:names:tc:SAML:2.0:protocol",
|
|
@@ -200,40 +203,6 @@ module Cie
|
|
|
200
203
|
end
|
|
201
204
|
}
|
|
202
205
|
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
#Per EIDAS
|
|
207
|
-
# #AttributeConsumingService
|
|
208
|
-
# attr_cons_service = sp_sso.add_element "md:AttributeConsumingService", {
|
|
209
|
-
# "index" => "99",
|
|
210
|
-
# }
|
|
211
|
-
# service_name
|
|
212
|
-
# = attr_cons_service.add_element "md:ServiceName", {
|
|
213
|
-
# "xml:lang" => "it"
|
|
214
|
-
# }
|
|
215
|
-
# service_name.text = "eIDAS Natural Person Minimum Attribute Set"
|
|
216
|
-
# settings.requested_attribute.each_with_index{ |attribute, index|
|
|
217
|
-
# attr_cons_service.add_element "md:RequestedAttribute", {
|
|
218
|
-
# "Name" => attribute
|
|
219
|
-
# }
|
|
220
|
-
# }
|
|
221
|
-
|
|
222
|
-
# #AttributeConsumingService
|
|
223
|
-
# attr_cons_service = sp_sso.add_element "md:AttributeConsumingService", {
|
|
224
|
-
# "index" => "100",
|
|
225
|
-
# }
|
|
226
|
-
# service_name = attr_cons_service.add_element "md:ServiceName", {
|
|
227
|
-
# "xml:lang" => "it"
|
|
228
|
-
# }
|
|
229
|
-
# service_name.text = "eIDAS Natural Person Full Attribute Set"
|
|
230
|
-
# settings.requested_attribute.each_with_index{ |attribute, index|
|
|
231
|
-
# attr_cons_service.add_element "md:RequestedAttribute", {
|
|
232
|
-
# "Name" => attribute
|
|
233
|
-
# }
|
|
234
|
-
# }
|
|
235
|
-
|
|
236
|
-
|
|
237
206
|
end
|
|
238
207
|
#organization
|
|
239
208
|
organization = root.add_element "md:Organization"
|
|
@@ -250,6 +219,98 @@ module Cie
|
|
|
250
219
|
}
|
|
251
220
|
org_url.text = settings.organization['org_url']
|
|
252
221
|
|
|
222
|
+
#Nuovi tag contactperson
|
|
223
|
+
|
|
224
|
+
contact_person_administrative = root.add_element "md:ContactPerson", {
|
|
225
|
+
"contactType" => "administrative"
|
|
226
|
+
}
|
|
227
|
+
|
|
228
|
+
extensions_administrative = contact_person_administrative.add_element "md:Extensions"
|
|
229
|
+
|
|
230
|
+
public_extension = extensions_administrative.add_element "cie:Public"
|
|
231
|
+
public_extension.text = ""
|
|
232
|
+
|
|
233
|
+
unless settings.hash_ente['ipa_code'].blank?
|
|
234
|
+
ipa_code_ente = extensions_administrative.add_element "cie:IPACode"
|
|
235
|
+
ipa_code_ente.text = settings.hash_ente['ipa_code']
|
|
236
|
+
end
|
|
237
|
+
|
|
238
|
+
ipa_code_catente = extensions_administrative.add_element "cie:IPACategory"
|
|
239
|
+
|
|
240
|
+
unless settings.hash_ente['belfiore'].blank?
|
|
241
|
+
belfiore_ente = extensions_administrative.add_element "cie:Municipality"
|
|
242
|
+
belfiore_ente.text = ( settings.hash_ente['belfiore'].blank? ? '' : settings.hash_ente['belfiore'].upcase )
|
|
243
|
+
end
|
|
244
|
+
|
|
245
|
+
unless settings.hash_ente['organization_name'].blank?
|
|
246
|
+
company_ente = contact_person_administrative.add_element "md:Company"
|
|
247
|
+
company_ente.text = settings.hash_ente['organization_name']
|
|
248
|
+
end
|
|
249
|
+
|
|
250
|
+
unless settings.hash_ente['organization_email'].blank?
|
|
251
|
+
email_address_ente = contact_person_administrative.add_element "md:EmailAddress"
|
|
252
|
+
email_address_ente.text = settings.hash_ente['organization_email']
|
|
253
|
+
end
|
|
254
|
+
|
|
255
|
+
unless settings.hash_ente['organization_tel'].blank?
|
|
256
|
+
telephone_number_ente = contact_person_administrative.add_element "md:TelephoneNumber"
|
|
257
|
+
telephone_number_ente.text = settings.hash_ente['organization_tel']
|
|
258
|
+
end
|
|
259
|
+
|
|
260
|
+
|
|
261
|
+
contact_person_technical = root.add_element "md:ContactPerson", {
|
|
262
|
+
"contactType" => "technical"
|
|
263
|
+
}
|
|
264
|
+
|
|
265
|
+
extensions_private = contact_person_technical.add_element "md:Extensions"
|
|
266
|
+
|
|
267
|
+
private_extension = extensions_private.add_element "cie:Private"
|
|
268
|
+
private_extension.text = ""
|
|
269
|
+
|
|
270
|
+
unless settings.hash_fornitore_servizi['p_iva'].blank?
|
|
271
|
+
vat_number_fornitore = extensions_private.add_element "cie:VATNumber"
|
|
272
|
+
vat_number_fornitore.text = settings.hash_fornitore_servizi['p_iva']
|
|
273
|
+
end
|
|
274
|
+
|
|
275
|
+
unless settings.hash_fornitore_servizi['cf'].blank?
|
|
276
|
+
cf_fornitore = extensions_private.add_element "cie:FiscalCode"
|
|
277
|
+
cf_fornitore.text = settings.hash_fornitore_servizi['cf']
|
|
278
|
+
end
|
|
279
|
+
|
|
280
|
+
unless settings.hash_fornitore_servizi['cod_ateco'].blank?
|
|
281
|
+
cod_ateco_fornitore = extensions_private.add_element "cie:NACE2Code"
|
|
282
|
+
cod_ateco_fornitore.text = settings.hash_fornitore_servizi['cod_ateco']
|
|
283
|
+
end
|
|
284
|
+
|
|
285
|
+
unless settings.hash_fornitore_servizi['cod_istat'].blank?
|
|
286
|
+
cod_istat_fornitore = extensions_private.add_element "cie:Municipality"
|
|
287
|
+
cod_istat_fornitore.text = settings.hash_fornitore_servizi['cod_istat']
|
|
288
|
+
end
|
|
289
|
+
|
|
290
|
+
unless settings.hash_fornitore_servizi['prov'].blank?
|
|
291
|
+
prov_fornitore = extensions_private.add_element "cie:Province"
|
|
292
|
+
prov_fornitore.text = settings.hash_fornitore_servizi['prov']
|
|
293
|
+
end
|
|
294
|
+
|
|
295
|
+
stato_fornitore = extensions_private.add_element "cie:Country"
|
|
296
|
+
stato_fornitore.text = 'IT'
|
|
297
|
+
|
|
298
|
+
unless settings.hash_fornitore_servizi['nome_fornitore'].blank?
|
|
299
|
+
company_aggregatore = contact_person_technical.add_element "md:Company"
|
|
300
|
+
company_aggregatore.text = settings.hash_fornitore_servizi['nome_fornitore']
|
|
301
|
+
end
|
|
302
|
+
|
|
303
|
+
unless settings.hash_fornitore_servizi['email_fornitore'].blank?
|
|
304
|
+
email_address_aggregatore = contact_person_technical.add_element "md:EmailAddress"
|
|
305
|
+
email_address_aggregatore.text = settings.hash_fornitore_servizi['email_fornitore']
|
|
306
|
+
end
|
|
307
|
+
|
|
308
|
+
unless settings.hash_fornitore_servizi['tel_fornitore'].blank?
|
|
309
|
+
telephone_number_aggregatore = contact_person_technical.add_element "md:TelephoneNumber"
|
|
310
|
+
telephone_number_aggregatore.text = settings.hash_fornitore_servizi['tel_fornitore']
|
|
311
|
+
end
|
|
312
|
+
|
|
313
|
+
|
|
253
314
|
#meta_doc << REXML::XMLDecl.new(version='1.0', encoding='UTF-8')
|
|
254
315
|
meta_doc << REXML::XMLDecl.new("1.0", "UTF-8")
|
|
255
316
|
|
|
File without changes
|
|
@@ -160,17 +160,17 @@ module Cie
|
|
|
160
160
|
return (soft ? false : validation_error("Issuer of the Assertion not found or multiple."))
|
|
161
161
|
end
|
|
162
162
|
|
|
163
|
-
issuer_response_nodes.each{ |iss|
|
|
164
|
-
|
|
165
|
-
|
|
163
|
+
# issuer_response_nodes.each{ |iss|
|
|
164
|
+
# #controllo: L'attributo Format di Issuer deve essere presente con il valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity
|
|
165
|
+
# return (soft ? false : validation_error("Elemento Issuer non ha formato corretto ")) if !iss.attributes['Format'].nil? && iss.attributes['Format'] != 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
|
|
166
166
|
|
|
167
|
-
}
|
|
167
|
+
# }
|
|
168
168
|
|
|
169
|
-
issuer_assertion_nodes.each{ |iss|
|
|
170
|
-
|
|
171
|
-
|
|
169
|
+
# issuer_assertion_nodes.each{ |iss|
|
|
170
|
+
# #controllo: L'attributo Format di Issuer deve essere presente con il valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity
|
|
171
|
+
# return (soft ? false : validation_error("Elemento Issuer non ha formato corretto ")) if iss.attributes['Format'] != 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
|
|
172
172
|
|
|
173
|
-
}
|
|
173
|
+
# }
|
|
174
174
|
|
|
175
175
|
nodes = issuer_response_nodes + issuer_assertion_nodes
|
|
176
176
|
|
|
@@ -10,7 +10,7 @@ module Cie
|
|
|
10
10
|
attr_accessor :name_identifier_value, :name_identifier_format
|
|
11
11
|
attr_accessor :sessionindex, :issuer, :destination_service_url, :authn_context, :requester_identificator
|
|
12
12
|
attr_accessor :single_logout_service_url, :single_logout_service_binding, :single_logout_destination
|
|
13
|
-
attr_accessor :skip_validation
|
|
13
|
+
attr_accessor :skip_validation, :hash_ente, :hash_fornitore_servizi
|
|
14
14
|
|
|
15
15
|
def initialize(config = {})
|
|
16
16
|
config.each do |k,v|
|
|
@@ -19,7 +19,7 @@ module Cie
|
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
# Set some sane default values on a few options
|
|
22
|
-
self.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-
|
|
22
|
+
self.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
|
23
23
|
self.single_logout_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
|
24
24
|
# Default cache TTL for metadata is 1 day
|
|
25
25
|
self.idp_metadata_ttl = 86400
|
data/lib/cie/ruby-saml/utils.rb
CHANGED
|
File without changes
|
|
File without changes
|
|
File without changes
|
data/lib/cie/xml_security.rb
CHANGED
|
File without changes
|
data/lib/cie/xml_security_new.rb
CHANGED
|
@@ -126,7 +126,7 @@ module Cie
|
|
|
126
126
|
signed_info_element.add_element("ds:SignatureMethod", {"Algorithm"=>signature_method})
|
|
127
127
|
|
|
128
128
|
# Add Reference
|
|
129
|
-
reference_element = signed_info_element.add_element("ds:Reference"
|
|
129
|
+
reference_element = signed_info_element.add_element("ds:Reference")
|
|
130
130
|
|
|
131
131
|
# Add Transforms
|
|
132
132
|
transforms_element = reference_element.add_element("ds:Transforms")
|
|
File without changes
|
|
File without changes
|
data/lib/schemas/xenc_schema.xsd
CHANGED
|
File without changes
|
|
File without changes
|
|
File without changes
|
data/test/logoutrequest_test.rb
CHANGED
|
File without changes
|
data/test/request_test.rb
CHANGED
|
File without changes
|
data/test/response_test.rb
CHANGED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
data/test/settings_test.rb
CHANGED
|
File without changes
|
data/test/test_helper.rb
CHANGED
|
File without changes
|
data/test/xml_security_test.rb
CHANGED
|
File without changes
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cie-es
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Fabiano Pavan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-04-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: canonix
|
|
@@ -112,7 +112,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
112
112
|
- !ruby/object:Gem::Version
|
|
113
113
|
version: '0'
|
|
114
114
|
requirements: []
|
|
115
|
-
rubygems_version: 3.0.
|
|
115
|
+
rubygems_version: 3.0.8
|
|
116
116
|
signing_key:
|
|
117
117
|
specification_version: 4
|
|
118
118
|
summary: SAML Ruby Toolkit Cie
|