cie-es 0.0.3 → 0.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.document +0 -0
- data/Gemfile +0 -0
- data/LICENSE +0 -0
- data/README.md +0 -0
- data/Rakefile +0 -0
- data/cie-es.gemspec +1 -1
- data/lib/cie-es.rb +0 -0
- data/lib/cie/ruby-saml/authrequest.rb +12 -10
- data/lib/cie/ruby-saml/coding.rb +0 -0
- data/lib/cie/ruby-saml/error_handling.rb +0 -0
- data/lib/cie/ruby-saml/logging.rb +0 -0
- data/lib/cie/ruby-saml/logout_request.rb +0 -0
- data/lib/cie/ruby-saml/logout_response.rb +0 -0
- data/lib/cie/ruby-saml/metadata.rb +99 -38
- data/lib/cie/ruby-saml/request.rb +0 -0
- data/lib/cie/ruby-saml/response.rb +8 -8
- data/lib/cie/ruby-saml/settings.rb +2 -2
- data/lib/cie/ruby-saml/utils.rb +0 -0
- data/lib/cie/ruby-saml/validation_error.rb +0 -0
- data/lib/cie/ruby-saml/version.rb +0 -0
- data/lib/cie/xml_security.rb +0 -0
- data/lib/cie/xml_security_new.rb +1 -1
- data/lib/schemas/saml20assertion_schema.xsd +0 -0
- data/lib/schemas/saml20protocol_schema.xsd +0 -0
- data/lib/schemas/xenc_schema.xsd +0 -0
- data/lib/schemas/xmldsig_schema.xsd +0 -0
- data/test/certificates/certificate1 +0 -0
- data/test/logoutrequest_test.rb +0 -0
- data/test/request_test.rb +0 -0
- data/test/response_test.rb +0 -0
- data/test/responses/adfs_response_sha1.xml +0 -0
- data/test/responses/adfs_response_sha256.xml +0 -0
- data/test/responses/adfs_response_sha384.xml +0 -0
- data/test/responses/adfs_response_sha512.xml +0 -0
- data/test/responses/no_signature_ns.xml +0 -0
- data/test/responses/open_saml_response.xml +0 -0
- data/test/responses/response1.xml.base64 +0 -0
- data/test/responses/response2.xml.base64 +0 -0
- data/test/responses/response3.xml.base64 +0 -0
- data/test/responses/response4.xml.base64 +0 -0
- data/test/responses/response5.xml.base64 +0 -0
- data/test/responses/response_with_ampersands.xml +0 -0
- data/test/responses/response_with_ampersands.xml.base64 +0 -0
- data/test/responses/simple_saml_php.xml +0 -0
- data/test/responses/wrapped_response_2.xml.base64 +0 -0
- data/test/settings_test.rb +0 -0
- data/test/test_helper.rb +0 -0
- data/test/xml_security_test.rb +0 -0
- metadata +3 -3
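--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e9b45df15ab2a270e39bababdbfe65400e2b71579f595f9f1ea984d4eea22f9a
+data.tar.gz: 33d10e6d3434f710053ca31696498318e7cb8422e95a052ae0e067406581dbef
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f108fb0af0e6bbe2ba8277763d88399e94f6b3d7b1c3cb3cef629b59c7bff06f5033fb708e2b273ec9296c8aeff5404d62af9bba0da16742c26f80f20a7b2aa4
+data.tar.gz: ea5a8cd9060333536452a6e95608cea296d225be6fe2251c3aecf175e190649b53da7f519fe5ff7ee34edbf1984ecb54171bca3a79aa994366bda08b65b45e88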
data/.document
CHANGED
|
File without changes
|
data/Gemfile
CHANGED
|
File without changes
|
data/LICENSE
CHANGED
|
File without changes
|
data/README.md
CHANGED
|
File without changes
|
data/Rakefile
CHANGED
|
File without changes
|
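--- a/data/cie-es.gemspec
+++ b/data/cie-es.gemspec
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 
 Gem::Specification.new do |s|
 s.name = 'cie-es'
-s.version = '0.0.
+s.version = '0.0.8'
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Fabiano Pavan"]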
data/lib/cie-es.rb
CHANGED
|
File without changes
|
|
@@ -35,7 +35,7 @@ module Cie::Saml
|
|
|
35
35
|
root.attributes['ID'] = uuid
|
|
36
36
|
root.attributes['IssueInstant'] = time
|
|
37
37
|
root.attributes['Version'] = "2.0"
|
|
38
|
-
root.attributes['ProtocolBinding'] =
|
|
38
|
+
root.attributes['ProtocolBinding'] = HTTP_POST
|
|
39
39
|
root.attributes['AttributeConsumingServiceIndex'] = @settings.assertion_consumer_service_index
|
|
40
40
|
root.attributes['ForceAuthn'] = "true"
|
|
41
41
|
root.attributes["AssertionConsumerServiceURL"] = @settings.assertion_consumer_service_url
|
|
@@ -132,23 +132,25 @@ module Cie::Saml
|
|
|
132
132
|
metadata = Metadata::new
|
|
133
133
|
meta_doc = metadata.get_idp_metadata(@settings)
|
|
134
134
|
|
|
135
|
-
# first try
|
|
135
|
+
# first try GET
|
|
136
136
|
sso_element = REXML::XPath.first(meta_doc,
|
|
137
|
-
"/EntityDescriptor/IDPSSODescriptor/SingleSignOnService[@Binding='#{
|
|
137
|
+
"/EntityDescriptor/IDPSSODescriptor/SingleSignOnService[@Binding='#{HTTP_GET}']")
|
|
138
138
|
if sso_element
|
|
139
139
|
@URL = sso_element.attributes["Location"]
|
|
140
|
-
|
|
141
|
-
return "
|
|
140
|
+
Logging.debug "binding_select: GET from #{@URL}"
|
|
141
|
+
return "GET", content_get
|
|
142
142
|
end
|
|
143
|
-
|
|
144
|
-
#
|
|
143
|
+
|
|
144
|
+
# then try POST
|
|
145
145
|
sso_element = REXML::XPath.first(meta_doc,
|
|
146
|
-
"/EntityDescriptor/IDPSSODescriptor/SingleSignOnService[@Binding='#{
|
|
146
|
+
"/EntityDescriptor/IDPSSODescriptor/SingleSignOnService[@Binding='#{HTTP_POST}']")
|
|
147
147
|
if sso_element
|
|
148
148
|
@URL = sso_element.attributes["Location"]
|
|
149
|
-
Logging.debug "binding_select:
|
|
150
|
-
return "
|
|
149
|
+
#Logging.debug "binding_select: POST to #{@URL}"
|
|
150
|
+
return "POST", content_post
|
|
151
151
|
end
|
|
152
|
+
|
|
153
|
+
|
|
152
154
|
# other types we might want to add in the future: SOAP, Artifact
|
|
153
155
|
end
|
|
154
156
|
|
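Review bot: binding_select returns nil when the IdP metadata offers neither an HTTP-Redirect nor an HTTP-POST SingleSignOnService, because after the second `if sso_element ... end` the body falls through to the closing `end` with no result, so a caller doing `method, content = binding_select` gets two nils and the failure only surfaces later, away from its cause; finish the method with an explicit failure such as `raise "binding_select: no supported SingleSignOnService binding in IdP metadata"`. The POST branch's diagnostic is left commented out while the GET branch logs, so the two paths are not symmetric; restoring `Logging.debug "binding_select: POST to #{@URL}"` keeps the chosen binding visible in logs. Since `@URL` is taken from the metadata's Location attribute and becomes the request target, this code presumably relies on get_idp_metadata having obtained the document from a trusted source and verified it; a one-line comment stating that assumption would help the next reader. binding_select starts before this hunk.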
data/lib/cie/ruby-saml/coding.rb
CHANGED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
@@ -33,14 +33,17 @@ module Cie
|
|
|
33
33
|
meta_doc = Cie::XMLSecurityNew::Document.new
|
|
34
34
|
root = meta_doc.add_element "md:EntityDescriptor", {
|
|
35
35
|
"xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata",
|
|
36
|
-
"xmlns:xml" => "http://www.w3.org/XML/1998/namespace"
|
|
36
|
+
"xmlns:xml" => "http://www.w3.org/XML/1998/namespace",
|
|
37
|
+
"xmlns:cie" => "https://www.cartaidentita.interno.gov.it/saml-extensions"
|
|
37
38
|
}
|
|
38
39
|
if settings.issuer != nil
|
|
39
40
|
root.attributes["entityID"] = settings.issuer
|
|
40
41
|
end
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
42
|
+
|
|
43
|
+
#Tolgo attributo ID per avere il metadata uguale e non farlo cambiare continuamente
|
|
44
|
+
# uuid = "_" + UUID.new.generate
|
|
45
|
+
# self.uuid = uuid
|
|
46
|
+
# root.attributes["ID"] = uuid
|
|
44
47
|
|
|
45
48
|
sp_sso = root.add_element "md:SPSSODescriptor", {
|
|
46
49
|
"protocolSupportEnumeration" => "urn:oasis:names:tc:SAML:2.0:protocol",
|
|
@@ -200,40 +203,6 @@ module Cie
|
|
|
200
203
|
end
|
|
201
204
|
}
|
|
202
205
|
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
#Per EIDAS
|
|
207
|
-
# #AttributeConsumingService
|
|
208
|
-
# attr_cons_service = sp_sso.add_element "md:AttributeConsumingService", {
|
|
209
|
-
# "index" => "99",
|
|
210
|
-
# }
|
|
211
|
-
# service_name
|
|
212
|
-
# = attr_cons_service.add_element "md:ServiceName", {
|
|
213
|
-
# "xml:lang" => "it"
|
|
214
|
-
# }
|
|
215
|
-
# service_name.text = "eIDAS Natural Person Minimum Attribute Set"
|
|
216
|
-
# settings.requested_attribute.each_with_index{ |attribute, index|
|
|
217
|
-
# attr_cons_service.add_element "md:RequestedAttribute", {
|
|
218
|
-
# "Name" => attribute
|
|
219
|
-
# }
|
|
220
|
-
# }
|
|
221
|
-
|
|
222
|
-
# #AttributeConsumingService
|
|
223
|
-
# attr_cons_service = sp_sso.add_element "md:AttributeConsumingService", {
|
|
224
|
-
# "index" => "100",
|
|
225
|
-
# }
|
|
226
|
-
# service_name = attr_cons_service.add_element "md:ServiceName", {
|
|
227
|
-
# "xml:lang" => "it"
|
|
228
|
-
# }
|
|
229
|
-
# service_name.text = "eIDAS Natural Person Full Attribute Set"
|
|
230
|
-
# settings.requested_attribute.each_with_index{ |attribute, index|
|
|
231
|
-
# attr_cons_service.add_element "md:RequestedAttribute", {
|
|
232
|
-
# "Name" => attribute
|
|
233
|
-
# }
|
|
234
|
-
# }
|
|
235
|
-
|
|
236
|
-
|
|
237
206
|
end
|
|
238
207
|
#organization
|
|
239
208
|
organization = root.add_element "md:Organization"
|
|
@@ -250,6 +219,98 @@ module Cie
|
|
|
250
219
|
}
|
|
251
220
|
org_url.text = settings.organization['org_url']
|
|
252
221
|
|
|
222
|
+
#Nuovi tag contactperson
|
|
223
|
+
|
|
224
|
+
contact_person_administrative = root.add_element "md:ContactPerson", {
|
|
225
|
+
"contactType" => "administrative"
|
|
226
|
+
}
|
|
227
|
+
|
|
228
|
+
extensions_administrative = contact_person_administrative.add_element "md:Extensions"
|
|
229
|
+
|
|
230
|
+
public_extension = extensions_administrative.add_element "cie:Public"
|
|
231
|
+
public_extension.text = ""
|
|
232
|
+
|
|
233
|
+
unless settings.hash_ente['ipa_code'].blank?
|
|
234
|
+
ipa_code_ente = extensions_administrative.add_element "cie:IPACode"
|
|
235
|
+
ipa_code_ente.text = settings.hash_ente['ipa_code']
|
|
236
|
+
end
|
|
237
|
+
|
|
238
|
+
ipa_code_catente = extensions_administrative.add_element "cie:IPACategory"
|
|
239
|
+
|
|
240
|
+
unless settings.hash_ente['belfiore'].blank?
|
|
241
|
+
belfiore_ente = extensions_administrative.add_element "cie:Municipality"
|
|
242
|
+
belfiore_ente.text = ( settings.hash_ente['belfiore'].blank? ? '' : settings.hash_ente['belfiore'].upcase )
|
|
243
|
+
end
|
|
244
|
+
|
|
245
|
+
unless settings.hash_ente['organization_name'].blank?
|
|
246
|
+
company_ente = contact_person_administrative.add_element "md:Company"
|
|
247
|
+
company_ente.text = settings.hash_ente['organization_name']
|
|
248
|
+
end
|
|
249
|
+
|
|
250
|
+
unless settings.hash_ente['organization_email'].blank?
|
|
251
|
+
email_address_ente = contact_person_administrative.add_element "md:EmailAddress"
|
|
252
|
+
email_address_ente.text = settings.hash_ente['organization_email']
|
|
253
|
+
end
|
|
254
|
+
|
|
255
|
+
unless settings.hash_ente['organization_tel'].blank?
|
|
256
|
+
telephone_number_ente = contact_person_administrative.add_element "md:TelephoneNumber"
|
|
257
|
+
telephone_number_ente.text = settings.hash_ente['organization_tel']
|
|
258
|
+
end
|
|
259
|
+
|
|
260
|
+
|
|
261
|
+
contact_person_technical = root.add_element "md:ContactPerson", {
|
|
262
|
+
"contactType" => "technical"
|
|
263
|
+
}
|
|
264
|
+
|
|
265
|
+
extensions_private = contact_person_technical.add_element "md:Extensions"
|
|
266
|
+
|
|
267
|
+
private_extension = extensions_private.add_element "cie:Private"
|
|
268
|
+
private_extension.text = ""
|
|
269
|
+
|
|
270
|
+
unless settings.hash_fornitore_servizi['p_iva'].blank?
|
|
271
|
+
vat_number_fornitore = extensions_private.add_element "cie:VATNumber"
|
|
272
|
+
vat_number_fornitore.text = settings.hash_fornitore_servizi['p_iva']
|
|
273
|
+
end
|
|
274
|
+
|
|
275
|
+
unless settings.hash_fornitore_servizi['cf'].blank?
|
|
276
|
+
cf_fornitore = extensions_private.add_element "cie:FiscalCode"
|
|
277
|
+
cf_fornitore.text = settings.hash_fornitore_servizi['cf']
|
|
278
|
+
end
|
|
279
|
+
|
|
280
|
+
unless settings.hash_fornitore_servizi['cod_ateco'].blank?
|
|
281
|
+
cod_ateco_fornitore = extensions_private.add_element "cie:NACE2Code"
|
|
282
|
+
cod_ateco_fornitore.text = settings.hash_fornitore_servizi['cod_ateco']
|
|
283
|
+
end
|
|
284
|
+
|
|
285
|
+
unless settings.hash_fornitore_servizi['cod_istat'].blank?
|
|
286
|
+
cod_istat_fornitore = extensions_private.add_element "cie:Municipality"
|
|
287
|
+
cod_istat_fornitore.text = settings.hash_fornitore_servizi['cod_istat']
|
|
288
|
+
end
|
|
289
|
+
|
|
290
|
+
unless settings.hash_fornitore_servizi['prov'].blank?
|
|
291
|
+
prov_fornitore = extensions_private.add_element "cie:Province"
|
|
292
|
+
prov_fornitore.text = settings.hash_fornitore_servizi['prov']
|
|
293
|
+
end
|
|
294
|
+
|
|
295
|
+
stato_fornitore = extensions_private.add_element "cie:Country"
|
|
296
|
+
stato_fornitore.text = 'IT'
|
|
297
|
+
|
|
298
|
+
unless settings.hash_fornitore_servizi['nome_fornitore'].blank?
|
|
299
|
+
company_aggregatore = contact_person_technical.add_element "md:Company"
|
|
300
|
+
company_aggregatore.text = settings.hash_fornitore_servizi['nome_fornitore']
|
|
301
|
+
end
|
|
302
|
+
|
|
303
|
+
unless settings.hash_fornitore_servizi['email_fornitore'].blank?
|
|
304
|
+
email_address_aggregatore = contact_person_technical.add_element "md:EmailAddress"
|
|
305
|
+
email_address_aggregatore.text = settings.hash_fornitore_servizi['email_fornitore']
|
|
306
|
+
end
|
|
307
|
+
|
|
308
|
+
unless settings.hash_fornitore_servizi['tel_fornitore'].blank?
|
|
309
|
+
telephone_number_aggregatore = contact_person_technical.add_element "md:TelephoneNumber"
|
|
310
|
+
telephone_number_aggregatore.text = settings.hash_fornitore_servizi['tel_fornitore']
|
|
311
|
+
end
|
|
312
|
+
|
|
313
|
+
|
|
253
314
|
#meta_doc << REXML::XMLDecl.new(version='1.0', encoding='UTF-8')
|
|
254
315
|
meta_doc << REXML::XMLDecl.new("1.0", "UTF-8")
|
|
255
316
|
|
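Review bot: `settings.hash_ente['ipa_code']` and the `settings.hash_fornitore_servizi[...]` reads raise NoMethodError on nil when those settings are not configured, because settings.rb in this same diff adds the two accessors but no default among the visible "sane default values", so metadata generation fails for a deployment that has not filled them instead of simply omitting the ContactPerson details; guard once at the top of the block, `ente = settings.hash_ente || {}` and `fornitore = settings.hash_fornitore_servizi || {}`, and read from those (or default both to `{}` in settings.rb). `ipa_code_catente = extensions_administrative.add_element "cie:IPACategory"` is never given text, so an empty `<cie:IPACategory/>` is always emitted — either a value is missing or the element should be dropped. The `.blank?` calls are ActiveSupport rather than core Ruby, which is fine only if the gem already loads it, and the ternary in `belfiore_ente.text = ...` is redundant inside `unless settings.hash_ente['belfiore'].blank?` and can be `settings.hash_ente['belfiore'].upcase`. The enclosing method starts before the first hunk of this section.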
|
File without changes
|
|
@@ -160,17 +160,17 @@ module Cie
|
|
|
160
160
|
return (soft ? false : validation_error("Issuer of the Assertion not found or multiple."))
|
|
161
161
|
end
|
|
162
162
|
|
|
163
|
-
issuer_response_nodes.each{ |iss|
|
|
164
|
-
|
|
165
|
-
|
|
163
|
+
# issuer_response_nodes.each{ |iss|
|
|
164
|
+
# #controllo: L'attributo Format di Issuer deve essere presente con il valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity
|
|
165
|
+
# return (soft ? false : validation_error("Elemento Issuer non ha formato corretto ")) if !iss.attributes['Format'].nil? && iss.attributes['Format'] != 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
|
|
166
166
|
|
|
167
|
-
}
|
|
167
|
+
# }
|
|
168
168
|
|
|
169
|
-
issuer_assertion_nodes.each{ |iss|
|
|
170
|
-
|
|
171
|
-
|
|
169
|
+
# issuer_assertion_nodes.each{ |iss|
|
|
170
|
+
# #controllo: L'attributo Format di Issuer deve essere presente con il valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity
|
|
171
|
+
# return (soft ? false : validation_error("Elemento Issuer non ha formato corretto ")) if iss.attributes['Format'] != 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
|
|
172
172
|
|
|
173
|
-
}
|
|
173
|
+
# }
|
|
174
174
|
|
|
175
175
|
nodes = issuer_response_nodes + issuer_assertion_nodes
|
|
176
176
|
|
|
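Review bot: Commenting out the two Issuer loops removes the check that an Issuer carrying a Format attribute uses `urn:oasis:names:tc:SAML:2.0:nameid-format:entity`, so a Response or Assertion whose Issuer declares another format is now accepted silently, and nothing in the commit records why. If a particular IdP required the relaxation, gate the check on the existing `skip_validation` setting (settings.rb in this diff declares `attr_accessor :skip_validation`), assuming the settings object is reachable here, or at least emit a `Logging.debug` when the format differs so the deviation stays visible. Leaving the loops as commented-out code invites drift; either delete them or restore them behind the flag. The enclosing validation method starts and ends outside the hunk.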
@@ -10,7 +10,7 @@ module Cie
|
|
|
10
10
|
attr_accessor :name_identifier_value, :name_identifier_format
|
|
11
11
|
attr_accessor :sessionindex, :issuer, :destination_service_url, :authn_context, :requester_identificator
|
|
12
12
|
attr_accessor :single_logout_service_url, :single_logout_service_binding, :single_logout_destination
|
|
13
|
-
attr_accessor :skip_validation
|
|
13
|
+
attr_accessor :skip_validation, :hash_ente, :hash_fornitore_servizi
|
|
14
14
|
|
|
15
15
|
def initialize(config = {})
|
|
16
16
|
config.each do |k,v|
|
|
@@ -19,7 +19,7 @@ module Cie
|
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
# Set some sane default values on a few options
|
|
22
|
-
self.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-
|
|
22
|
+
self.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
|
23
23
|
self.single_logout_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
|
24
24
|
# Default cache TTL for metadata is 1 day
|
|
25
25
|
self.idp_metadata_ttl = 86400
|
data/lib/cie/ruby-saml/utils.rb
CHANGED
|
File without changes
|
|
File without changes
|
|
File without changes
|
data/lib/cie/xml_security.rb
CHANGED
|
File without changes
|
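--- a/data/lib/cie/xml_security_new.rb
+++ b/data/lib/cie/xml_security_new.rb
@@ -126,7 +126,7 @@ module Cie
 signed_info_element.add_element("ds:SignatureMethod", {"Algorithm"=>signature_method})
 
 # Add Reference
-reference_element = signed_info_element.add_element("ds:Reference"
+reference_element = signed_info_element.add_element("ds:Reference")
 
 # Add Transforms
 transforms_element = reference_element.add_element("ds:Transforms")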
File without changes
|
|
File without changes
|
data/lib/schemas/xenc_schema.xsd
CHANGED
|
File without changes
|
|
File without changes
|
|
File without changes
|
data/test/logoutrequest_test.rb
CHANGED
|
File without changes
|
data/test/request_test.rb
CHANGED
|
File without changes
|
data/test/response_test.rb
CHANGED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
data/test/settings_test.rb
CHANGED
|
File without changes
|
data/test/test_helper.rb
CHANGED
|
File without changes
|
data/test/xml_security_test.rb
CHANGED
|
File without changes
|
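--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cie-es
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.8
 platform: ruby
 authors:
 - Fabiano Pavan
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: canonix
@@ -112,7 +112,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.
+rubygems_version: 3.0.8
 signing_key:
 specification_version: 4
 summary: SAML Ruby Toolkit Cie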