libsaml 3.7.0 → 3.9.3

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e689c8b19f26da4c7cc09904fb18cb052088834f32567abf14023219f9987481
4
- data.tar.gz: cbc544b35d8b045d11c09c85f074234466d33b1a90a91a229d47d594456cc646
3
+ metadata.gz: 52056387172170f48159a403ea8ccd8adccdd4f3bf2f1dbdc104a8034f71d0c0
4
+ data.tar.gz: bc0f3ca0dd6b47297af36255f9309b1d5b636a322289825d6ac8556321ed2ad9
5
5
  SHA512:
6
- metadata.gz: 1b11d5dda8bf220251d944a1c8397075e33b0c98c67a42b6d0e61bffe0c67722a8628e79461880d3ecd9d982751ef322ff5485a18cd320c024f1ef13e5d80827
7
- data.tar.gz: cec277eeadebc7a6c4f5294437b34f7a39daff47873c9e35ad95e6c42e0f91429580bca880214c4e95728f17cdf599694e60981bab8d24c2483f99ab0c79c1cb
6
+ metadata.gz: dd18ec249485cee4a1d71aceaa4ea9bd0acb248182fc53f9df7969bd6fcdccb161f5870187ce23bfb748f2879dc5ed17d7a1f14bd939136cf49669e1f6b73ca4
7
+ data.tar.gz: fb87df8c97c301ac2af52102242f47bd129e4f9bcc617634810f93efac6176dd37f39832cd4b0040fbf5ccf2f171636fcca3e9e1a2436ddbf5f106872469c93a
data/lib/saml.rb CHANGED
@@ -34,6 +34,8 @@ module Saml
34
34
  end
35
35
  class UnparseableMessage < SamlError
36
36
  end
37
+ class InvalidParams < SamlError
38
+ end
37
39
  class MetadataDownloadFailed < SamlError
38
40
  end
39
41
  class InvalidStore < SamlError
@@ -46,7 +46,8 @@ module Saml
46
46
  @authn_statement = Saml::Elements::AuthnStatement.new(authn_instant: authn_instant,
47
47
  address: options.delete(:address),
48
48
  authn_context_class_ref: options.delete(:authn_context_class_ref),
49
- session_index: options.delete(:session_index))
49
+ session_index: options.delete(:session_index),
50
+ session_not_on_or_after: options.delete(:session_not_on_or_after))
50
51
  super(*(args << options))
51
52
  @_id ||= Saml.generate_id
52
53
  @issue_instant ||= Time.now
@@ -20,7 +20,12 @@ module Saml
20
20
  end
21
21
 
22
22
  def receive_message(request, type)
23
- message = Saml::Encoding.decode_64(request.params["SAMLRequest"] || request.params["SAMLResponse"])
23
+ receive_xml = request.params["SAMLRequest"] || request.params["SAMLResponse"]
24
+ if receive_xml.nil?
25
+ raise Saml::Errors::InvalidParams, 'require params `SAMLRequest` or `SAMLResponse`'
26
+ end
27
+
28
+ message = Saml::Encoding.decode_64(receive_xml)
24
29
  notify('receive_message', message)
25
30
  request_or_response = Saml.parse_message(message, type)
26
31
 
@@ -14,6 +14,11 @@ module Saml
14
14
  options[:signature_algorithm] = http_request.params["SigAlg"]
15
15
  options[:relay_state] = http_request.params["RelayState"]
16
16
 
17
+ receive_xml = http_request.params["SAMLRequest"] || http_request.params["SAMLResponse"]
18
+ if receive_xml.nil?
19
+ raise Saml::Errors::InvalidParams, 'require params `SAMLRequest` or `SAMLResponse`'
20
+ end
21
+
17
22
  request_or_response = parse_request_or_response(options.delete(:type), http_request.params)
18
23
 
19
24
  redirect_binding = new(request_or_response, options)
@@ -8,6 +8,7 @@ module Saml
8
8
 
9
9
  attribute :authn_instant, Time, tag: "AuthnInstant", on_save: lambda { |val| val.utc.xmlschema }
10
10
  attribute :session_index, String, tag: "SessionIndex"
11
+ attribute :session_not_on_or_after, Time, tag: "SessionNotOnOrAfter", on_save: lambda { |val| val.utc.xmlschema if val.present?}
11
12
 
12
13
  has_one :subject_locality, Saml::Elements::SubjectLocality, tag: "SubjectLocality"
13
14
  has_one :authn_context, Saml::Elements::AuthnContext, tag: "AuthnContext"
@@ -15,27 +15,9 @@ module Saml
15
15
  validates :encrypted_data, presence: true
16
16
 
17
17
  def encrypt(attribute, encrypted_key_data, encrypted_data_options = {})
18
- self.encrypted_data = Xmlenc::Builder::EncryptedData.new(encrypted_data_options)
19
- self.encrypted_data.set_encryption_method algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
20
- self.encrypted_data.set_key_name key_name
21
-
22
- encrypted_key_data.each do |key_descriptor, key_options|
23
- encrypted_key = self.encrypted_data.encrypt Nokogiri::XML(attribute.to_xml).root.to_xml, key_options
24
- encrypted_key.set_encryption_method algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p', digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1'
25
- encrypted_key.set_key_name key_descriptor.key_info.key_name
26
- encrypted_key.carried_key_name = key_name
27
- encrypted_key.encrypt key_descriptor.certificate.public_key
28
-
29
- self.encrypted_keys ||= []
30
- self.encrypted_keys << encrypted_key
31
- end
18
+ Saml::Util.encrypt_element(self, attribute, encrypted_key_data, encrypted_data_options)
32
19
  end
33
20
 
34
- private
35
-
36
- def key_name
37
- @key_name ||= Saml.generate_id
38
- end
39
21
  end
40
22
  end
41
23
  end
@@ -28,16 +28,16 @@ module Saml
28
28
 
29
29
  if key_descriptors.any?
30
30
  if key_descriptors.one?
31
- encrypt_for_one_recipient(key_descriptors.first, key_options)
31
+ encrypt_for_one_key_descriptor(key_descriptors.first, key_options)
32
32
  else
33
- encrypt_for_multiple_recipients(key_descriptors, key_options)
33
+ encrypt_for_multiple_key_descriptors(key_descriptors, key_options)
34
34
  end
35
35
  end
36
36
  end
37
37
 
38
38
  private
39
39
 
40
- def encrypt_for_one_recipient(key_descriptor, key_options = {})
40
+ def encrypt_for_one_key_descriptor(key_descriptor, key_options = {})
41
41
  self.encrypted_data = Xmlenc::Builder::EncryptedData.new
42
42
 
43
43
  self.encrypted_data.set_key_retrieval_method Xmlenc::Builder::RetrievalMethod.new(
@@ -47,7 +47,7 @@ module Saml
47
47
  algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
48
48
  )
49
49
 
50
- encrypted_key = self.encrypted_data.encrypt(name_id_xml, key_options)
50
+ encrypted_key = self.encrypted_data.encrypt(Nokogiri::XML(name_id.to_xml).root.to_xml, key_options)
51
51
  encrypted_key.set_encryption_method(
52
52
  algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
53
53
  digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1'
@@ -60,39 +60,18 @@ module Saml
60
60
  self.name_id = nil
61
61
  end
62
62
 
63
- def encrypt_for_multiple_recipients(key_descriptors, key_options = {})
64
- key_name = key_options[:key_name]
65
- encrypted_keys = []
66
-
67
- self.encrypted_data = Xmlenc::Builder::EncryptedData.new
68
- self.encrypted_data.set_key_name key_name
69
- self.encrypted_data.set_encryption_method(
70
- algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
71
- )
72
-
73
- key_descriptors.each do |key_descriptor|
74
- encrypted_key = self.encrypted_data.encrypt(
75
- name_id_xml,
76
- key_options.merge(id: "_#{SecureRandom.uuid}", carried_key_name: key_name)
77
- )
78
- encrypted_key.set_encryption_method(
79
- algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
80
- digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1'
81
- )
82
-
83
- encrypted_key.set_key_name(key_descriptor.key_info.key_name)
84
- encrypted_key.encrypt(key_descriptor.certificate.public_key)
85
-
86
- encrypted_keys << encrypted_key
63
+ def encrypt_for_multiple_key_descriptors(encrypted_key_data, encrypted_data_options = {})
64
+ if encrypted_data_options[:recipient].present? && encrypted_key_data.first.is_a?(Saml::Elements::KeyDescriptor)
65
+ encrypted_key_data.map! do |key_descriptor|
66
+ [ key_descriptor, { recipient: encrypted_data_options[:recipient] } ]
67
+ end
87
68
  end
88
69
 
89
- self.encrypted_keys = encrypted_keys
70
+ Saml::Util.encrypt_element(self, name_id, encrypted_key_data, encrypted_data_options)
71
+
90
72
  self.name_id = nil
91
73
  end
92
74
 
93
- def name_id_xml
94
- Nokogiri::XML(name_id.to_xml).root.to_xml
95
- end
96
75
  end
97
76
  end
98
77
  end
data/lib/saml/provider.rb CHANGED
@@ -105,6 +105,8 @@ module Saml
105
105
  def digest_method(signature_algorithm)
106
106
  digest = signature_algorithm && signature_algorithm =~ /sha(.*?)$/i && $1.to_i
107
107
  case digest
108
+ when 512 then
109
+ OpenSSL::Digest::SHA512
108
110
  when 256 then
109
111
  OpenSSL::Digest::SHA256
110
112
  else
data/lib/saml/response.rb CHANGED
@@ -28,10 +28,14 @@ module Saml
28
28
  !success? && status.status_code.unknown_principal?
29
29
  end
30
30
 
31
- def encrypt_assertions(certificate, include_certificate: false)
31
+ def encrypt_assertions(key_descriptor_or_certificate, include_certificate: false, include_key_retrieval_method: false)
32
32
  @encrypted_assertions = []
33
33
  assertions.each do |assertion|
34
- @encrypted_assertions << Saml::Util.encrypt_assertion(assertion, certificate, include_certificate: include_certificate)
34
+ @encrypted_assertions << Saml::Util.encrypt_assertion(
35
+ assertion, key_descriptor_or_certificate,
36
+ include_certificate: include_certificate,
37
+ include_key_retrieval_method: include_key_retrieval_method
38
+ )
35
39
  end
36
40
  assertions.clear
37
41
  end
data/lib/saml/util.rb CHANGED
@@ -60,7 +60,7 @@ module Saml
60
60
  end
61
61
  end
62
62
 
63
- def encrypt_assertion(assertion, key_descriptor_or_certificate, include_certificate: false)
63
+ def encrypt_assertion(assertion, key_descriptor_or_certificate, include_certificate: false, include_key_retrieval_method: false)
64
64
  case key_descriptor_or_certificate
65
65
  when OpenSSL::X509::Certificate
66
66
  certificate = key_descriptor_or_certificate
@@ -87,6 +87,11 @@ module Saml
87
87
  end
88
88
  encrypted_key.encrypt(certificate.public_key)
89
89
 
90
+ if include_key_retrieval_method
91
+ encrypted_key.id = '_' + SecureRandom.uuid
92
+ encrypted_data.set_key_retrieval_method (Xmlenc::Builder::RetrievalMethod.new(uri: "##{encrypted_key.id}"))
93
+ end
94
+
90
95
  Saml::Elements::EncryptedAssertion.new(encrypted_data: encrypted_data, encrypted_keys: encrypted_key)
91
96
  end
92
97
 
@@ -98,6 +103,32 @@ module Saml
98
103
  Saml::Assertion.parse(encrypted_document.decrypt(private_key), single: true)
99
104
  end
100
105
 
106
+ def encrypt_element(element, target_element, encrypted_key_data, encrypted_data_options)
107
+ key_name = encrypted_data_options.fetch(:key_name, Saml.generate_id)
108
+
109
+ element.encrypted_data = Xmlenc::Builder::EncryptedData.new(encrypted_data_options)
110
+ element.encrypted_data.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc')
111
+ element.encrypted_data.set_key_name key_name
112
+
113
+ original_encrypted_key = element.encrypted_data.encrypt(Nokogiri::XML(target_element.to_xml).root.to_xml, encrypted_data_options)
114
+
115
+ encrypted_key_data.each do |key_descriptor, key_options = {}|
116
+ encrypted_key_options = key_options.merge(id: Saml.generate_id, data: original_encrypted_key.data)
117
+
118
+ encrypted_key = Xmlenc::Builder::EncryptedKey.new(encrypted_key_options)
119
+ encrypted_key.add_data_reference(element.encrypted_data.id)
120
+ encrypted_key.set_key_name(key_descriptor.key_info.key_name)
121
+ encrypted_key.carried_key_name = key_name
122
+ encrypted_key.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p', digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1')
123
+ encrypted_key.encrypt(key_descriptor.certificate.public_key)
124
+
125
+ element.encrypted_keys ||= []
126
+ element.encrypted_keys << encrypted_key
127
+ end
128
+
129
+ element
130
+ end
131
+
101
132
  def encrypt_name_id(name_id, key_descriptor, key_options = {})
102
133
  encrypted_id = Saml::Elements::EncryptedID.new(name_id: name_id)
103
134
  encrypt_encrypted_id(encrypted_id, key_descriptor, key_options)
data/lib/saml/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Saml
2
- VERSION = '3.7.0'
2
+ VERSION = '3.9.3'.freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: libsaml
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.7.0
4
+ version: 3.9.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Benoist Claassen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-03-17 00:00:00.000000000 Z
11
+ date: 2021-06-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -255,7 +255,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
255
255
  - !ruby/object:Gem::Version
256
256
  version: '0'
257
257
  requirements: []
258
- rubygems_version: 3.0.3
258
+ rubygems_version: 3.1.4
259
259
  signing_key:
260
260
  specification_version: 4
261
261
  summary: A gem to easily create SAML 2.0 messages.