libsaml 2.2.3 → 2.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/saml.rb +4 -1
- data/lib/saml/provider_stores/url.rb +17 -0
- data/lib/saml/util.rb +26 -6
- data/lib/saml/version.rb +1 -1
- metadata +2 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fc0c61acd404b9d659024b9b6d11afb2ac5fbeb5
|
|
4
|
+
data.tar.gz: a1d6cfaa1d4b9b800c5dc9eb31cb2e6e15ec8c47
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a9a54851c001e6fb62e2a843670d62e00569800ccaa14289a6626ef153a4ceda795121011e7deaa9661f9015320fdd8bd0d749c5e3293d3300e8feb51249263c
|
|
7
|
+
data.tar.gz: 942e3254bd7280f6d6ad83eab64f9e5cd1f183cfa4e287791e178274ea8bfb265162881ec67128a99a92c75ebb965e7931fe0ca987b0fcc5766a3db8617f2ff4
|
data/lib/saml.rb
CHANGED
|
@@ -27,6 +27,8 @@ module Saml
|
|
|
27
27
|
end
|
|
28
28
|
class UnparseableMessage < SamlError
|
|
29
29
|
end
|
|
30
|
+
class MetadataDownloadFailed < SamlError
|
|
31
|
+
end
|
|
30
32
|
class InvalidStore < SamlError
|
|
31
33
|
def initialize(store = '')
|
|
32
34
|
@store = store
|
|
@@ -150,6 +152,7 @@ module Saml
|
|
|
150
152
|
|
|
151
153
|
module ProviderStores
|
|
152
154
|
require 'saml/provider_stores/file'
|
|
155
|
+
require 'saml/provider_stores/url'
|
|
153
156
|
end
|
|
154
157
|
|
|
155
158
|
module ProtocolBinding
|
|
@@ -190,7 +193,7 @@ module Saml
|
|
|
190
193
|
if current_provider.entity_id == entity_id
|
|
191
194
|
current_provider
|
|
192
195
|
else
|
|
193
|
-
current_store.find_by_entity_id(entity_id) || raise(Saml::Errors::InvalidProvider.new)
|
|
196
|
+
current_store.find_by_entity_id(entity_id) || raise(Saml::Errors::InvalidProvider.new("Cannot find provider with entity_id: #{entity_id}"))
|
|
194
197
|
end
|
|
195
198
|
end
|
|
196
199
|
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module Saml
|
|
2
|
+
module ProviderStores
|
|
3
|
+
class Url
|
|
4
|
+
attr_accessor :providers
|
|
5
|
+
|
|
6
|
+
def self.find_by_metadata_location(entity_id)
|
|
7
|
+
metadata = Saml::Util.download_metadata_xml(entity_id)
|
|
8
|
+
entity_descriptor = Saml::Elements::EntityDescriptor.parse(metadata, single: true)
|
|
9
|
+
type = entity_descriptor.sp_sso_descriptor.present? ? "service_provider" : "identity_provider"
|
|
10
|
+
|
|
11
|
+
BasicProvider.new(entity_descriptor, nil, type)
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
alias_method :find_by_entity_id, :find_by_metadata_location
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
data/lib/saml/util.rb
CHANGED
|
@@ -22,17 +22,17 @@ module Saml
|
|
|
22
22
|
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
23
23
|
|
|
24
24
|
if Saml::Config.ssl_certificate_file.present? && Saml::Config.ssl_private_key_file.present?
|
|
25
|
-
cert
|
|
26
|
-
key
|
|
25
|
+
cert = File.read(Saml::Config.ssl_certificate_file)
|
|
26
|
+
key = File.read(Saml::Config.ssl_private_key_file)
|
|
27
27
|
|
|
28
|
-
http.cert
|
|
29
|
-
http.key
|
|
28
|
+
http.cert = OpenSSL::X509::Certificate.new(cert)
|
|
29
|
+
http.key = OpenSSL::PKey::RSA.new(key)
|
|
30
30
|
end
|
|
31
31
|
|
|
32
32
|
headers = { 'Content-Type' => 'text/xml' }
|
|
33
33
|
headers.merge! additional_headers
|
|
34
34
|
|
|
35
|
-
request
|
|
35
|
+
request = Net::HTTP::Post.new(uri.request_uri, headers)
|
|
36
36
|
request.body = message
|
|
37
37
|
|
|
38
38
|
http.request(request)
|
|
@@ -68,7 +68,7 @@ module Saml
|
|
|
68
68
|
def decrypt_assertion(encrypted_assertion, private_key)
|
|
69
69
|
encrypted_assertion_xml = encrypted_assertion.is_a?(Saml::Elements::EncryptedAssertion) ?
|
|
70
70
|
encrypted_assertion.to_xml : encrypted_assertion.to_s
|
|
71
|
-
encrypted_document
|
|
71
|
+
encrypted_document = Xmlenc::EncryptedDocument.new(encrypted_assertion_xml)
|
|
72
72
|
|
|
73
73
|
Saml::Assertion.parse(encrypted_document.decrypt(private_key), single: true)
|
|
74
74
|
end
|
|
@@ -86,6 +86,26 @@ module Saml
|
|
|
86
86
|
|
|
87
87
|
message.class.parse(signed_node.to_xml, single: true)
|
|
88
88
|
end
|
|
89
|
+
|
|
90
|
+
def download_metadata_xml(location)
|
|
91
|
+
uri = URI.parse(location)
|
|
92
|
+
|
|
93
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
|
94
|
+
http.use_ssl = uri.scheme == 'https'
|
|
95
|
+
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
96
|
+
|
|
97
|
+
request = Net::HTTP::Get.new(uri.request_uri)
|
|
98
|
+
|
|
99
|
+
response = http.request(request)
|
|
100
|
+
if response.code == '200'
|
|
101
|
+
response.body
|
|
102
|
+
else
|
|
103
|
+
raise Saml::Errors::MetadataDownloadFailed.new("Cannot download metadata for: #{location}: #{response.body}")
|
|
104
|
+
end
|
|
105
|
+
rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Net::HTTPBadResponse,
|
|
106
|
+
Net::HTTPHeaderSyntaxError, Net::ProtocolError => error
|
|
107
|
+
raise Saml::Errors::MetadataDownloadFailed.new("Cannot download metadata for: #{location}: #{error.message}")
|
|
108
|
+
end
|
|
89
109
|
end
|
|
90
110
|
end
|
|
91
111
|
end
|
data/lib/saml/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: libsaml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Benoist Claassen
|
|
@@ -195,6 +195,7 @@ files:
|
|
|
195
195
|
- lib/saml/null_provider.rb
|
|
196
196
|
- lib/saml/provider.rb
|
|
197
197
|
- lib/saml/provider_stores/file.rb
|
|
198
|
+
- lib/saml/provider_stores/url.rb
|
|
198
199
|
- lib/saml/rails/controller_helper.rb
|
|
199
200
|
- lib/saml/response.rb
|
|
200
201
|
- lib/saml/util.rb
|