libsaml 2.15.8 → 2.16.0

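--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 1dd09c45a2c831a6112b6023a25f8fb2deca6513
- data.tar.gz: 028e34efefeb590965b21a468755614675ec4989
+ metadata.gz: 3fe168b0b5d962fce3379f08bf9b6e06c74825a6
+ data.tar.gz: 639c97ef468c1daf2b9410babc217e41c8c8f36a
  SHA512:
- metadata.gz: 19239eed4cb96c32583dfdb9214a85080ffca88ea6c2c6b71a6a64c5412b5384f2bf7fd1d361ca6f13da3359b210bbeed7c7247fbe98c7fabce753110c085430
- data.tar.gz: 32d75f484cd6410afc093455f8dc40334256e59da42b504f603fc8a226522f7043af60d338733461eed0c22e077447b79f5bdd3f75c8dce56e98e47fe3a04f00
+ metadata.gz: dbcd598c7e93aa9434c40fd62a452e76d29036acc6458df9939c46961f44297d968e714ffe66e8a327bdb85bbad9a23c969d7744998e533b51fc8e3d24cab9dc
+ data.tar.gz: 475f4a722b652995dcc2e3f7bba9f3226679d8f7d6cb280f9bdc4ad674ae1b9690fd4ca84b8986e74f8b00e2d43b6670714bb56ed7c5e1c68d3486751d9aa101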
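--- a/data/lib/saml/config.rb
+++ b/data/lib/saml/config.rb
@@ -12,6 +12,9 @@ module Saml
  mattr_accessor :ssl_certificate_file
  @@ssl_certificate_file = nil
 
+ mattr_accessor :http_ca_file
+ @@http_ca_file = nil
+
  mattr_accessor :registered_stores
  @@registered_stores = {}
 
@@ -23,6 +26,5 @@ module Saml
  end
 
  module_function :register_store
-
  end
  end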
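Review bot: The new `http_ca_file` accessor (new-side line 15) carries no comment, and the name alone does not tell a reader whether the file replaces or supplements the system CA store; in this same release util.rb's `add_cacert_file` calls `set_default_paths` before `add_file`, so it supplements. Suggest documenting that above the accessor: `# Optional PEM file of extra CA certificates trusted for the outbound HTTP requests made by Saml::Util; added alongside the system default CA paths, not instead of them.` The `ssl_certificate_file` accessor above it is equally uncommented, but that is pre-existing.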
@@ -3,32 +3,46 @@ module Saml
3
3
  class File
4
4
  attr_accessor :providers
5
5
 
6
- def initialize(metadata_dir = "config/metadata", key_file = "config/ssl/key.pem")
6
+ def initialize(metadata_dir = "config/metadata", key_file = "config/ssl/key.pem", key_password = nil)
7
7
  @mutex = Mutex.new
8
8
  self.providers = {}
9
9
 
10
- load_files(metadata_dir, key_file)
10
+ load_files(metadata_dir, key_file, key_password)
11
11
  end
12
12
 
13
13
  def find_by_entity_id(entity_id)
14
- self.providers[entity_id]
14
+ providers[entity_id]
15
15
  end
16
16
 
17
- def load_files(metadata_dir, key_file)
18
- Dir[::File.join(metadata_dir, "*.xml")].each do |file|
19
- add_metadata(::File.read(file), OpenSSL::PKey::RSA.new(::File.read(key_file)))
17
+ # Returns provider by source_id or nil if not found.
18
+ def find_by_source_id(source_id)
19
+ providers.find do |entity_id, _|
20
+ Digest::SHA1.digest(entity_id) == source_id
21
+ end.to_a[1]
22
+ end
23
+
24
+ def load_files(metadata_dir, key_file, key_password = nil)
25
+ Dir[::File.join(metadata_dir, '*.xml')].each do |file|
26
+ add_metadata(::File.read(file), get_private_key(key_file, key_password))
20
27
  end
21
28
  end
22
29
 
23
30
  def add_metadata(metadata_xml, private_key = nil)
24
31
  entity_descriptor = Saml::Elements::EntityDescriptor.parse(metadata_xml, single: true)
25
- type = entity_descriptor.sp_sso_descriptor.present? ? "service_provider" : "identity_provider"
32
+ type = entity_descriptor.sp_sso_descriptor.present? ? 'service_provider' : 'identity_provider'
26
33
  provider = BasicProvider.new(entity_descriptor, private_key, type)
27
34
 
28
35
  @mutex.synchronize do
29
- self.providers[provider.entity_id] = provider
36
+ providers[provider.entity_id] = provider
30
37
  end
31
38
  end
39
+
40
+ private
41
+
42
+ def get_private_key(file, password)
43
+ return OpenSSL::PKey::RSA.new(::File.read(file)) unless password.present?
44
+ OpenSSL::PKey::RSA.new(::File.read(file), password)
45
+ end
32
46
  end
33
47
  end
34
48
  end
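Review bot: `load_files` (new-side lines 24–28) reads and parses the private key from disk once per metadata file, because `get_private_key(key_file, key_password)` sits inside the `Dir[...].each` block; hoist it out with `private_key = get_private_key(key_file, key_password)` before the loop and `add_metadata(::File.read(file), private_key)` inside it, so the key file is read once per store. In `get_private_key` (lines 42–45) a blank `key_password` opens the PEM with no passphrase, so an encrypted key would presumably fall through to OpenSSL's default passphrase handling rather than a clear error — worth a one-line comment on the method stating that an encrypted key requires `key_password`. `find_by_source_id` (lines 18–22) walks `providers` without the `@mutex` that `add_metadata` takes for its insert, as the existing `find_by_entity_id` also does; if lookups and `add_metadata` can overlap at runtime, the insert during iteration is a possible failure — inferred from the visible locking only, not confirmed from here.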
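--- a/data/lib/saml/util.rb
+++ b/data/lib/saml/util.rb
@@ -21,22 +21,10 @@ module Saml
  http.use_ssl = uri.scheme == 'https'
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
 
- if Saml::Config.ssl_certificate_file.present? && Saml::Config.ssl_private_key_file.present?
- cert = File.read(Saml::Config.ssl_certificate_file)
- key = File.read(Saml::Config.ssl_private_key_file)
+ add_cacert_file(http)
+ add_ssl_certificate_and_key(http)
 
- http.cert = OpenSSL::X509::Certificate.new(cert)
- http.key = OpenSSL::PKey::RSA.new(key)
- end
-
- headers = {
- 'Content-Type' => 'text/xml',
- 'Cache-Control' => 'no-cache, no-store',
- 'Pragma' => 'no-cache'
- }
- headers.merge! additional_headers
-
- request = Net::HTTP::Post.new(uri.request_uri, headers)
+ request = Net::HTTP::Post.new(uri.request_uri, merged_headers(additional_headers))
  request.body = message
 
  http.request(request)
@@ -57,14 +45,14 @@ module Saml
 
  def encrypt_assertion(assertion, key_descriptor_or_certificate)
  case key_descriptor_or_certificate
- when OpenSSL::X509::Certificate
- certificate = key_descriptor_or_certificate
- key_name = nil
- when Saml::Elements::KeyDescriptor
- certificate = key_descriptor_or_certificate.certificate
- key_name = key_descriptor_or_certificate.key_info.key_name
- else
- raise ArgumentError.new("Expecting Certificate or KeyDescriptor got: #{key_descriptor_or_certificate.class}")
+ when OpenSSL::X509::Certificate
+ certificate = key_descriptor_or_certificate
+ key_name = nil
+ when Saml::Elements::KeyDescriptor
+ certificate = key_descriptor_or_certificate.certificate
+ key_name = key_descriptor_or_certificate.key_info.key_name
+ else
+ fail ArgumentError, "Expecting Certificate or KeyDescriptor got: #{key_descriptor_or_certificate.class}"
  end
 
  assertion = assertion.to_xml(nil, nil, false) if assertion.is_a?(Assertion) # create xml without instruct
@@ -113,7 +101,7 @@ module Saml
  message.provider.verify(signature_algorithm, signature, data, message.signature.key_name)
  end
 
- raise Saml::Errors::SignatureInvalid.new unless signature_valid
+ fail Saml::Errors::SignatureInvalid unless signature_valid
 
  signed_node = document.signed_nodes.find { |node| node['ID'] == message._id }
 
@@ -132,17 +120,45 @@ module Saml
  http.use_ssl = uri.scheme == 'https'
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
 
+ add_cacert_file(http)
+
  request = Net::HTTP::Get.new(uri.request_uri)
 
  response = http.request(request)
  if response.code == '200'
  response.body
  else
- raise Saml::Errors::MetadataDownloadFailed.new("Cannot download metadata for: #{location}: #{response.body}")
+ fail Saml::Errors::MetadataDownloadFailed, "Cannot download metadata for: #{location}: #{response.body}"
  end
  rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Net::HTTPBadResponse,
  Net::HTTPHeaderSyntaxError, Net::ProtocolError => error
- raise Saml::Errors::MetadataDownloadFailed.new("Cannot download metadata for: #{location}: #{error.message}")
+ raise Saml::Errors::MetadataDownloadFailed, "Cannot download metadata for: #{location}: #{error.message}"
+ end
+
+ private
+
+ def merged_headers(headers)
+ { 'Content-Type' => 'text/xml',
+ 'Cache-Control' => 'no-cache, no-store',
+ 'Pragma' => 'no-cache' }.merge(headers)
+ end
+
+ def add_cacert_file(http)
+ return http unless Saml::Config.http_ca_file.present?
+ http.cert_store = OpenSSL::X509::Store.new
+ http.cert_store.set_default_paths
+ http.cert_store.add_file(Saml::Config.http_ca_file)
+ http
+ end
+
+ def add_ssl_certificate_and_key(http)
+ return http unless Saml::Config.ssl_certificate_file.present?
+ return http unless Saml::Config.ssl_private_key_file.present?
+ cert = File.read(Saml::Config.ssl_certificate_file)
+ key = File.read(Saml::Config.ssl_private_key_file)
+ http.cert = OpenSSL::X509::Certificate.new(cert)
+ http.key = OpenSSL::PKey::RSA.new(key)
+ http
  end
  end
  end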
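Review bot: `add_cacert_file` (new-side lines 146–152) builds a store with `set_default_paths` and then `add_file`s `http_ca_file`, so the configured CA extends the system trust roots rather than replacing them — a deployment that sets `http_ca_file` expecting to pin metadata downloads and posts to a private CA still trusts every system root. If that is intended, state it above the method, `# Adds Saml::Config.http_ca_file to the system default CA paths; it does not restrict trust to that file.`; if pinning is the goal, drop the `set_default_paths` call. Separately, `add_ssl_certificate_and_key` (lines 154–161) still loads the client key with `OpenSSL::PKey::RSA.new(key)` and no passphrase, so it gets neither the passphrase support this release introduces for the provider store nor non-RSA keys, which `OpenSSL::PKey.read(key)` would accept. The method whose body the first lines of this hunk belong to starts outside the hunk.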
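--- a/data/lib/saml/version.rb
+++ b/data/lib/saml/version.rb
@@ -1,3 +1,3 @@
  module Saml
- VERSION = "2.15.8"
+ VERSION = "2.16.0"
  end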
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: libsaml
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.15.8
4
+ version: 2.16.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Benoist Claassen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-12-01 00:00:00.000000000 Z
11
+ date: 2015-12-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport