libsaml 2.1.0 → 2.1.2

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    OGYxNjQ4ZDFiYTBiNWNkODE0NWZkOTIxZWUwZjU2ODk0YmQxNGE2OA==
-  data.tar.gz: !binary |-
-    ZTcxMjVjMDJkNzA2NjRhMDcyNDQ3ZmVkNjBmZjFjYWEzYTFhOTE4NQ==
-!binary "U0hBNTEy":
-  metadata.gz: !binary |-
-    ZGFjMzNhNmM2ODViOTAyMjAwYjQ1ZWE4YjYzOTU3MjQwNmUwNmY0YjNiNzU1
-    NjcxNmRhNGMyNGI2NzlkMzc4ZGM2MTlhNGFjNWIwZDNiYWU2M2FiZTIzY2Vh
-    Nzg0MmIxZDc4NTFiZTY0MGIwMzc4ZTgxZTY0YTRkMWI4ZWZjMjc=
-  data.tar.gz: !binary |-
-    NGQ5YWMwM2I3OWExODk4ZmUzMGMyMTM0NzdjNzM2MGIwY2FiM2U2MTg5ZGMz
-    ZDJhNDIyZWEwMzM4MzIzZDA3Y2MyN2RjNGU0MzExYjEyYjhiNDI4OGY5NWE4
-    ZjJiOWM1NjUwZDgyMDJmYmY2ZWY5MzEzMWNmMmU2NzhlZTZjOWQ=
+SHA1:
+  metadata.gz: 04f6dac96a32dd7f02bda7921058ebc8fd319013
+  data.tar.gz: fa9dec218ddb5b563f89070afcd863b220ce64f6
+SHA512:
+  metadata.gz: de6902e57a8c3fca4bec943e354f81d74c717fe2ab7488e178253e03340ea672e4ed5ecb88763e1ca268688b22ac2e265b932e93e1190dcf65800a2a085f64a0
+  data.tar.gz: 24209759a83b2322fe82fa6a06119420fc2267a1ea1f935ddf1ab6de6596b0b8c40700c3fd6de5c3a5fff26d39877c7a80fef1cb90b159ec43d2ff8621ae7636

data/README.rdoc

@@ -49,7 +49,7 @@ Add the Service Provider configuration file to config/metadata/service_provider.
 
 Set up an intializer in config/initializers/saml_config.rb:
   Saml.setup do |config|
-    config.register_store :file, Saml::ProviderStore::File.new("config/metadata", "config/ssl/key.pem"), default: true
+    config.register_store :file, Saml::ProviderStores::File.new("config/metadata", "config/ssl/key.pem"), default: true
   end
 
 By default this will use a SamlProvider model that uses the filestore, if you want a database driven model comment out the #provider_store function in the initializer and make a model that defines #find_by_entity_id:

data/lib/saml.rb

@@ -102,6 +102,7 @@ module Saml
     require 'saml/elements/status'
     require 'saml/elements/subject_confirmation_data'
     require 'saml/elements/subject_confirmation'
+    require 'saml/elements/encrypted_assertion'
     require 'saml/elements/encrypted_attribute'
     require 'saml/elements/attribute'
     require 'saml/elements/attribute_statement'

data/lib/saml/artifact.rb

@@ -14,7 +14,7 @@ module Saml
       if artifact
         @artifact = artifact
       else
-        source_id       = ::Digest::SHA1.digest(Saml.current_provider.entity_id)
+        source_id       = ::Digest::SHA1.digest(Saml.current_provider.entity_id.to_s)
         message_handle  = ::SecureRandom.random_bytes(20)
         @type_code      = TYPE_CODE
         @endpoint_index = END_POINT_INDEX

data/lib/saml/bindings/http_post.rb

@@ -21,7 +21,9 @@ module Saml
           message             = Saml::Encoding.decode_64(request.params["SAMLRequest"] || request.params["SAMLResponse"])
           request_or_response = Saml.parse_message(message, type)
 
-          Saml::Util.verify_xml(request_or_response, message)
+          verified_request_or_response = Saml::Util.verify_xml(request_or_response, message)
+          verified_request_or_response.actual_destination = request.url
+          verified_request_or_response
         end
       end
     end

data/lib/saml/bindings/http_redirect.rb

@@ -19,6 +19,7 @@ module Saml
 
           redirect_binding.verify_signature(query_string) if request_or_response.provider.authn_requests_signed?
 
+          request_or_response.actual_destination = http_request.url
           request_or_response
         end
 

data/lib/saml/complex_types/request_abstract_type.rb

@@ -12,21 +12,24 @@ module Saml
         register_namespace 'saml', Saml::SAML_NAMESPACE
         namespace 'samlp'
 
-        attribute :_id, String, :tag => 'ID'
-        attribute :version, String, :tag => "Version"
-        attribute :issue_instant, Time, :tag => "IssueInstant", :on_save => lambda { |val| val.utc.xmlschema if val.present? }
-        attribute :consent, String, :tag => "Consent"
+        attribute :_id, String, tag: 'ID'
+        attribute :version, String, tag: 'Version'
+        attribute :issue_instant, Time, tag: 'IssueInstant', on_save: lambda { |val| val.utc.xmlschema if val.present? }
+        attribute :consent, String, tag: 'Consent'
 
-        attribute :destination, String, :tag => "Destination"
-        element :issuer, String, :namespace => 'saml', :tag => "Issuer"
+        attribute :destination, String, tag: 'Destination'
+        element :issuer, String, namespace: 'saml', tag: 'Issuer'
 
         has_one :signature, Saml::Elements::Signature
         has_one :extensions, Saml::Elements::SAMLPExtensions
 
-        validates :_id, :version, :issue_instant, :presence => true
+        attr_accessor :actual_destination
+
+        validates :_id, :version, :issue_instant, presence: true
 
         validates :version, inclusion: %w(2.0)
-        validate :check_issue_instant, :if => "issue_instant.present?"
+        validate :check_destination, if: 'destination.present? && actual_destination.present?'
+        validate :check_issue_instant, if: 'issue_instant.present?'
       end
 
       def initialize(*args)
@@ -48,6 +51,10 @@ module Saml
         errors.add(:issue_instant, :too_old) if issue_instant < Time.now - Saml::Config.max_issue_instant_offset.minutes
         errors.add(:issue_instant, :too_new) if issue_instant > Time.now + Saml::Config.max_issue_instant_offset.minutes
       end
+
+      def check_destination
+        errors.add(:destination, :invalid) unless actual_destination.start_with?(destination)
+      end
     end
   end
 end

data/lib/saml/complex_types/sso_descriptor_type.rb

@@ -25,7 +25,7 @@ module Saml
 
         attribute :protocol_support_enumeration, String, :tag => "protocolSupportEnumeration"
         attribute :valid_until, Time, :tag => "validUntil"
-        attribute :cache_duration, Integer, :tag => "cacheDuration"
+        attribute :cache_duration, String, :tag => "cacheDuration"
         attribute :error_url, String, :tag => "errorURL"
 
         has_many :key_descriptors, Saml::Elements::KeyDescriptor

data/lib/saml/elements/encrypted_assertion.rb

@@ -0,0 +1,18 @@
+module Saml
+  module Elements
+    class EncryptedAssertion
+      include Saml::Base
+
+      tag "EncryptedAssertion"
+
+      register_namespace "saml", Saml::SAML_NAMESPACE
+      namespace "saml"
+
+      element :encrypted_data, Xmlenc::Builder::EncryptedData
+
+      has_many :encrypted_keys, Xmlenc::Builder::EncryptedKey
+
+      validates :encrypted_data, presence: true
+    end
+  end
+end

data/lib/saml/elements/entities_descriptor.rb

@@ -12,7 +12,7 @@ module Saml
       attribute :_id, String, :tag => "ID"
       attribute :name, String, :tag => "Name"
       attribute :valid_until, Time, :tag => "validUntil"
-      attribute :cache_duration, Integer, :tag => "cacheDuration"
+      attribute :cache_duration, String, :tag => "cacheDuration"
 
       has_one :signature, Saml::Elements::Signature
 

data/lib/saml/elements/entity_descriptor.rb

@@ -13,7 +13,7 @@ module Saml
       attribute :name, String, :tag => "Name"
       attribute :entity_id, String, :tag => "entityID"
       attribute :valid_until, Time, :tag => "validUntil"
-      attribute :cache_duration, Integer, :tag => "cacheDuration"
+      attribute :cache_duration, String, :tag => "cacheDuration"
 
       has_one :signature, Saml::Elements::Signature
 

data/lib/saml/elements/key_descriptor/key_info/x509_data.rb

@@ -18,11 +18,11 @@ module Saml
 
           def x509certificate=(cert)
             if cert.present?
-              unless cert =~ /-----BEGIN CERTIFICATE-----/
-                cert = cert.gsub(/\n/, '')
-                cert = "-----BEGIN CERTIFICATE-----\n#{cert.gsub(/(.{1,64})/, "\\1\n")}-----END CERTIFICATE-----"
+              if cert =~ /-----BEGIN CERTIFICATE-----/
+                @x509certificate = OpenSSL::X509::Certificate.new(cert)
+              else
+                @x509certificate = OpenSSL::X509::Certificate.new(Base64.decode64(cert))
               end
-              @x509certificate = OpenSSL::X509::Certificate.new(cert)
             end
           rescue OpenSSL::X509::CertificateError => e
             nil

data/lib/saml/provider.rb

@@ -30,7 +30,7 @@ module Saml
       entity_descriptor.entity_id
     end
 
-    def certificate(key_name, use = "signing")
+    def certificate(key_name = nil, use = "signing")
       key_descriptor = descriptor.find_key_descriptor(key_name, use)
       key_descriptor.certificate if key_descriptor
     end

data/lib/saml/response.rb

@@ -3,7 +3,8 @@ module Saml
     include Saml::ComplexTypes::StatusResponseType
 
     tag "Response"
-    has_many :assertions, Saml::Assertion, :tag => "Assertion"
+    has_many :assertions, Saml::Assertion
+    has_many :encrypted_assertions, Saml::Elements::EncryptedAssertion
 
     def authn_failed?
       !success? && status.status_code.authn_failed?
@@ -24,5 +25,13 @@ module Saml
     def assertion=(assertion)
       (self.assertions ||= []) << assertion
     end
+
+    def encrypted_assertion
+      encrypted_assertions.first
+    end
+
+    def encrypted_assertion=(encrypted_assertion)
+      (self.encrypted_assertions ||= []) << encrypted_assertion
+     end
   end
 end

data/lib/saml/util.rb

@@ -7,7 +7,7 @@ module Saml
 
         params = {}
         query.split(/[&;]/).each do |pairs|
-          key, value = pairs.split('=',2)
+          key, value  = pairs.split('=', 2)
           params[key] = value
         end
 
@@ -39,6 +39,18 @@ module Saml
         end
       end
 
+      def encrypt_assertion(assertion, certificate)
+        encrypted_data = Xmlenc::Builder::EncryptedData.new
+        encrypted_data.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#aes128-cbc')
+
+        encrypted_key = encrypted_data.encrypt(assertion)
+        encrypted_key.set_encryption_method(algorithm:               'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
+                                            digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1')
+        encrypted_key.encrypt(certificate.public_key)
+
+        Saml::Elements::EncryptedAssertion.new(encrypted_data: encrypted_data, encrypted_keys: encrypted_key)
+      end
+
       def verify_xml(message, raw_body)
         document = Xmldsig::SignedDocument.new(raw_body)
 

data/lib/saml/version.rb

@@ -1,3 +1,3 @@
 module Saml
-  VERSION = '2.1.0'
+  VERSION = "2.1.2"
 end

metadata

@@ -1,41 +1,41 @@
 --- !ruby/object:Gem::Specification
 name: libsaml
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.1.2
 platform: ruby
 authors:
 - Benoist Claassen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-10-22 00:00:00.000000000 Z
+date: 2013-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: 3.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: 3.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: 3.0.0
 - !ruby/object:Gem::Dependency
@@ -72,40 +72,40 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.1.0
+        version: 0.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.1.0
+        version: 0.1.1
 - !ruby/object:Gem::Dependency
   name: curb
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: httpi
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: Libsaml makes the creation of SAML 2.0 messages easy. The object structure
@@ -147,6 +147,7 @@ files:
 - lib/saml/elements/authn_statement.rb
 - lib/saml/elements/conditions.rb
 - lib/saml/elements/contact_person.rb
+- lib/saml/elements/encrypted_assertion.rb
 - lib/saml/elements/encrypted_attribute.rb
 - lib/saml/elements/entities_descriptor.rb
 - lib/saml/elements/entity_attributes.rb
@@ -210,17 +211,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.6
+rubygems_version: 2.0.3
 signing_key: 
 specification_version: 4
 summary: A gem to easily create SAML 2.0 messages.