libsaml 2.2.3 → 2.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/saml.rb +4 -1
- data/lib/saml/provider_stores/url.rb +17 -0
- data/lib/saml/util.rb +26 -6
- data/lib/saml/version.rb +1 -1
- metadata +2 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fc0c61acd404b9d659024b9b6d11afb2ac5fbeb5
|
|
4
|
+
data.tar.gz: a1d6cfaa1d4b9b800c5dc9eb31cb2e6e15ec8c47
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a9a54851c001e6fb62e2a843670d62e00569800ccaa14289a6626ef153a4ceda795121011e7deaa9661f9015320fdd8bd0d749c5e3293d3300e8feb51249263c
|
|
7
|
+
data.tar.gz: 942e3254bd7280f6d6ad83eab64f9e5cd1f183cfa4e287791e178274ea8bfb265162881ec67128a99a92c75ebb965e7931fe0ca987b0fcc5766a3db8617f2ff4
|
data/lib/saml.rb
CHANGED
|
@@ -27,6 +27,8 @@ module Saml
|
|
|
27
27
|
end
|
|
28
28
|
class UnparseableMessage < SamlError
|
|
29
29
|
end
|
|
30
|
+
class MetadataDownloadFailed < SamlError
|
|
31
|
+
end
|
|
30
32
|
class InvalidStore < SamlError
|
|
31
33
|
def initialize(store = '')
|
|
32
34
|
@store = store
|
|
@@ -150,6 +152,7 @@ module Saml
|
|
|
150
152
|
|
|
151
153
|
module ProviderStores
|
|
152
154
|
require 'saml/provider_stores/file'
|
|
155
|
+
require 'saml/provider_stores/url'
|
|
153
156
|
end
|
|
154
157
|
|
|
155
158
|
module ProtocolBinding
|
|
@@ -190,7 +193,7 @@ module Saml
|
|
|
190
193
|
if current_provider.entity_id == entity_id
|
|
191
194
|
current_provider
|
|
192
195
|
else
|
|
193
|
-
current_store.find_by_entity_id(entity_id) || raise(Saml::Errors::InvalidProvider.new)
|
|
196
|
+
current_store.find_by_entity_id(entity_id) || raise(Saml::Errors::InvalidProvider.new("Cannot find provider with entity_id: #{entity_id}"))
|
|
194
197
|
end
|
|
195
198
|
end
|
|
196
199
|
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module Saml
|
|
2
|
+
module ProviderStores
|
|
3
|
+
class Url
|
|
4
|
+
attr_accessor :providers
|
|
5
|
+
|
|
6
|
+
def self.find_by_metadata_location(entity_id)
|
|
7
|
+
metadata = Saml::Util.download_metadata_xml(entity_id)
|
|
8
|
+
entity_descriptor = Saml::Elements::EntityDescriptor.parse(metadata, single: true)
|
|
9
|
+
type = entity_descriptor.sp_sso_descriptor.present? ? "service_provider" : "identity_provider"
|
|
10
|
+
|
|
11
|
+
BasicProvider.new(entity_descriptor, nil, type)
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
alias_method :find_by_entity_id, :find_by_metadata_location
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
data/lib/saml/util.rb
CHANGED
|
@@ -22,17 +22,17 @@ module Saml
|
|
|
22
22
|
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
23
23
|
|
|
24
24
|
if Saml::Config.ssl_certificate_file.present? && Saml::Config.ssl_private_key_file.present?
|
|
25
|
-
cert
|
|
26
|
-
key
|
|
25
|
+
cert = File.read(Saml::Config.ssl_certificate_file)
|
|
26
|
+
key = File.read(Saml::Config.ssl_private_key_file)
|
|
27
27
|
|
|
28
|
-
http.cert
|
|
29
|
-
http.key
|
|
28
|
+
http.cert = OpenSSL::X509::Certificate.new(cert)
|
|
29
|
+
http.key = OpenSSL::PKey::RSA.new(key)
|
|
30
30
|
end
|
|
31
31
|
|
|
32
32
|
headers = { 'Content-Type' => 'text/xml' }
|
|
33
33
|
headers.merge! additional_headers
|
|
34
34
|
|
|
35
|
-
request
|
|
35
|
+
request = Net::HTTP::Post.new(uri.request_uri, headers)
|
|
36
36
|
request.body = message
|
|
37
37
|
|
|
38
38
|
http.request(request)
|
|
@@ -68,7 +68,7 @@ module Saml
|
|
|
68
68
|
def decrypt_assertion(encrypted_assertion, private_key)
|
|
69
69
|
encrypted_assertion_xml = encrypted_assertion.is_a?(Saml::Elements::EncryptedAssertion) ?
|
|
70
70
|
encrypted_assertion.to_xml : encrypted_assertion.to_s
|
|
71
|
-
encrypted_document
|
|
71
|
+
encrypted_document = Xmlenc::EncryptedDocument.new(encrypted_assertion_xml)
|
|
72
72
|
|
|
73
73
|
Saml::Assertion.parse(encrypted_document.decrypt(private_key), single: true)
|
|
74
74
|
end
|
|
@@ -86,6 +86,26 @@ module Saml
|
|
|
86
86
|
|
|
87
87
|
message.class.parse(signed_node.to_xml, single: true)
|
|
88
88
|
end
|
|
89
|
+
|
|
90
|
+
def download_metadata_xml(location)
|
|
91
|
+
uri = URI.parse(location)
|
|
92
|
+
|
|
93
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
|
94
|
+
http.use_ssl = uri.scheme == 'https'
|
|
95
|
+
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
96
|
+
|
|
97
|
+
request = Net::HTTP::Get.new(uri.request_uri)
|
|
98
|
+
|
|
99
|
+
response = http.request(request)
|
|
100
|
+
if response.code == '200'
|
|
101
|
+
response.body
|
|
102
|
+
else
|
|
103
|
+
raise Saml::Errors::MetadataDownloadFailed.new("Cannot download metadata for: #{location}: #{response.body}")
|
|
104
|
+
end
|
|
105
|
+
rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Net::HTTPBadResponse,
|
|
106
|
+
Net::HTTPHeaderSyntaxError, Net::ProtocolError => error
|
|
107
|
+
raise Saml::Errors::MetadataDownloadFailed.new("Cannot download metadata for: #{location}: #{error.message}")
|
|
108
|
+
end
|
|
89
109
|
end
|
|
90
110
|
end
|
|
91
111
|
end
|
data/lib/saml/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: libsaml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Benoist Claassen
|
|
@@ -195,6 +195,7 @@ files:
|
|
|
195
195
|
- lib/saml/null_provider.rb
|
|
196
196
|
- lib/saml/provider.rb
|
|
197
197
|
- lib/saml/provider_stores/file.rb
|
|
198
|
+
- lib/saml/provider_stores/url.rb
|
|
198
199
|
- lib/saml/rails/controller_helper.rb
|
|
199
200
|
- lib/saml/response.rb
|
|
200
201
|
- lib/saml/util.rb
|