libsaml 2.1.0 → 2.1.2

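--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-metadata.gz: !binary |-
-OGYxNjQ4ZDFiYTBiNWNkODE0NWZkOTIxZWUwZjU2ODk0YmQxNGE2OA==
-data.tar.gz: !binary |-
-ZTcxMjVjMDJkNzA2NjRhMDcyNDQ3ZmVkNjBmZjFjYWEzYTFhOTE4NQ==
-!binary "U0hBNTEy":
-metadata.gz: !binary |-
-ZGFjMzNhNmM2ODViOTAyMjAwYjQ1ZWE4YjYzOTU3MjQwNmUwNmY0YjNiNzU1
-NjcxNmRhNGMyNGI2NzlkMzc4ZGM2MTlhNGFjNWIwZDNiYWU2M2FiZTIzY2Vh
-Nzg0MmIxZDc4NTFiZTY0MGIwMzc4ZTgxZTY0YTRkMWI4ZWZjMjc=
-data.tar.gz: !binary |-
-NGQ5YWMwM2I3OWExODk4ZmUzMGMyMTM0NzdjNzM2MGIwY2FiM2U2MTg5ZGMz
-ZDJhNDIyZWEwMzM4MzIzZDA3Y2MyN2RjNGU0MzExYjEyYjhiNDI4OGY5NWE4
-ZjJiOWM1NjUwZDgyMDJmYmY2ZWY5MzEzMWNmMmU2NzhlZTZjOWQ=
+SHA1:
+metadata.gz: 04f6dac96a32dd7f02bda7921058ebc8fd319013
+data.tar.gz: fa9dec218ddb5b563f89070afcd863b220ce64f6
+SHA512:
+metadata.gz: de6902e57a8c3fca4bec943e354f81d74c717fe2ab7488e178253e03340ea672e4ed5ecb88763e1ca268688b22ac2e265b932e93e1190dcf65800a2a085f64a0
+data.tar.gz: 24209759a83b2322fe82fa6a06119420fc2267a1ea1f935ddf1ab6de6596b0b8c40700c3fd6de5c3a5fff26d39877c7a80fef1cb90b159ec43d2ff8621ae7636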
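--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -49,7 +49,7 @@ Add the Service Provider configuration file to config/metadata/service_provider.
 
 Set up an intializer in config/initializers/saml_config.rb:
 Saml.setup do |config|
-config.register_store :file, Saml::ProviderStore::File.new("config/metadata", "config/ssl/key.pem"), default: true
+config.register_store :file, Saml::ProviderStores::File.new("config/metadata", "config/ssl/key.pem"), default: true
 end
 
 By default this will use a SamlProvider model that uses the filestore, if you want a database driven model comment out the #provider_store function in the initializer and make a model that defines #find_by_entity_id: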
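--- a/data/lib/saml.rb
+++ b/data/lib/saml.rb
@@ -102,6 +102,7 @@ module Saml
 require 'saml/elements/status'
 require 'saml/elements/subject_confirmation_data'
 require 'saml/elements/subject_confirmation'
+require 'saml/elements/encrypted_assertion'
 require 'saml/elements/encrypted_attribute'
 require 'saml/elements/attribute'
 require 'saml/elements/attribute_statement'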
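--- a/data/lib/saml/artifact.rb
+++ b/data/lib/saml/artifact.rb
@@ -14,7 +14,7 @@ module Saml
 if artifact
 @artifact = artifact
 else
-source_id = ::Digest::SHA1.digest(Saml.current_provider.entity_id)
+source_id = ::Digest::SHA1.digest(Saml.current_provider.entity_id.to_s)
 message_handle = ::SecureRandom.random_bytes(20)
 @type_code = TYPE_CODE
 @endpoint_index = END_POINT_INDEX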
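Review bot: The `.to_s` added on line 17 turns a missing `entity_id` into a valid-looking SourceID (the SHA-1 of the empty string) instead of an error, so an artifact minted under a misconfigured provider silently carries a SourceID that no resolver will recognise, and the failure surfaces far from its cause. If the aim is only to tolerate non-String entity ids, keep the conversion but reject the empty case: `entity_id = Saml.current_provider.entity_id.to_s` / `raise ArgumentError, 'current provider has no entity_id' if entity_id.empty?` / `source_id = ::Digest::SHA1.digest(entity_id)`. The enclosing method starts before and ends after this hunk.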
@@ -21,7 +21,9 @@ module Saml
21
21
  message = Saml::Encoding.decode_64(request.params["SAMLRequest"] || request.params["SAMLResponse"])
22
22
  request_or_response = Saml.parse_message(message, type)
23
23
 
24
- Saml::Util.verify_xml(request_or_response, message)
24
+ verified_request_or_response = Saml::Util.verify_xml(request_or_response, message)
25
+ verified_request_or_response.actual_destination = request.url
26
+ verified_request_or_response
25
27
  end
26
28
  end
27
29
  end
@@ -19,6 +19,7 @@ module Saml
19
19
 
20
20
  redirect_binding.verify_signature(query_string) if request_or_response.provider.authn_requests_signed?
21
21
 
22
+ request_or_response.actual_destination = http_request.url
22
23
  request_or_response
23
24
  end
24
25
 
@@ -12,21 +12,24 @@ module Saml
12
12
  register_namespace 'saml', Saml::SAML_NAMESPACE
13
13
  namespace 'samlp'
14
14
 
15
- attribute :_id, String, :tag => 'ID'
16
- attribute :version, String, :tag => "Version"
17
- attribute :issue_instant, Time, :tag => "IssueInstant", :on_save => lambda { |val| val.utc.xmlschema if val.present? }
18
- attribute :consent, String, :tag => "Consent"
15
+ attribute :_id, String, tag: 'ID'
16
+ attribute :version, String, tag: 'Version'
17
+ attribute :issue_instant, Time, tag: 'IssueInstant', on_save: lambda { |val| val.utc.xmlschema if val.present? }
18
+ attribute :consent, String, tag: 'Consent'
19
19
 
20
- attribute :destination, String, :tag => "Destination"
21
- element :issuer, String, :namespace => 'saml', :tag => "Issuer"
20
+ attribute :destination, String, tag: 'Destination'
21
+ element :issuer, String, namespace: 'saml', tag: 'Issuer'
22
22
 
23
23
  has_one :signature, Saml::Elements::Signature
24
24
  has_one :extensions, Saml::Elements::SAMLPExtensions
25
25
 
26
- validates :_id, :version, :issue_instant, :presence => true
26
+ attr_accessor :actual_destination
27
+
28
+ validates :_id, :version, :issue_instant, presence: true
27
29
 
28
30
  validates :version, inclusion: %w(2.0)
29
- validate :check_issue_instant, :if => "issue_instant.present?"
31
+ validate :check_destination, if: 'destination.present? && actual_destination.present?'
32
+ validate :check_issue_instant, if: 'issue_instant.present?'
30
33
  end
31
34
 
32
35
  def initialize(*args)
@@ -48,6 +51,10 @@ module Saml
48
51
  errors.add(:issue_instant, :too_old) if issue_instant < Time.now - Saml::Config.max_issue_instant_offset.minutes
49
52
  errors.add(:issue_instant, :too_new) if issue_instant > Time.now + Saml::Config.max_issue_instant_offset.minutes
50
53
  end
54
+
55
+ def check_destination
56
+ errors.add(:destination, :invalid) unless actual_destination.start_with?(destination)
57
+ end
51
58
  end
52
59
  end
53
60
  end
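Review bot: `check_destination` on line 56 accepts any received URL that merely begins with the message's Destination, so (constructed example) a Destination of `https://sp.example.com/sso` also passes for a message delivered to `https://sp.example.com/sso-other/...`, and the `if:` condition on line 31 skips the check entirely whenever the message omits Destination, although bindings that sign the message require it. Both bindings in this commit assign `actual_destination` from the full request URL, query string included, which is presumably why a prefix test was chosen; comparing the parsed scheme, host, port and path instead keeps that tolerance without the prefix weakness (`uri` is stdlib). `actual_destination` is also a bare `attr_accessor`, so a non-String value would presumably raise `NoMethodError` from `start_with?` rather than fail validation, and string-form `if:` conditions are deprecated in later ActiveModel versions — a lambda such as `if: -> { destination.present? && actual_destination.present? }` avoids that. `check_destination` is complete within the hunk; the class continues past it.
```ruby
# Compare the message's Destination with the URL the message actually arrived on.
# Scheme, host, port and path must match; the query string of the received URL
# (SAMLRequest, Signature, ...) is deliberately not compared.
def check_destination
  expected = URI.parse(destination).normalize
  actual = URI.parse(actual_destination.to_s).normalize
  same_endpoint = %i[scheme host port path].all? { |part| expected.public_send(part) == actual.public_send(part) }
  errors.add(:destination, :invalid) unless same_endpoint
rescue URI::InvalidURIError
  errors.add(:destination, :invalid)
end
```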
@@ -25,7 +25,7 @@ module Saml
25
25
 
26
26
  attribute :protocol_support_enumeration, String, :tag => "protocolSupportEnumeration"
27
27
  attribute :valid_until, Time, :tag => "validUntil"
28
- attribute :cache_duration, Integer, :tag => "cacheDuration"
28
+ attribute :cache_duration, String, :tag => "cacheDuration"
29
29
  attribute :error_url, String, :tag => "errorURL"
30
30
 
31
31
  has_many :key_descriptors, Saml::Elements::KeyDescriptor
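Review bot: `cache_duration` is retyped to `String` on line 28 but nothing documents or checks its format; in SAML metadata `cacheDuration` is an `xs:duration`, whose lexical form (for example `PT1H`) could never have been parsed by the previous `Integer` type, which is presumably what motivated the change. A short comment on the attribute would save the next reader from re-deriving this, e.g. `# xs:duration such as "PT1H"; kept as a String because the lexical form is not an integer`, and the same applies to the two later hunks that make the identical change on a descriptor with `:_id`/`:name` and on the descriptor with `entity_id`. The enclosing class continues outside each of these hunks.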
@@ -0,0 +1,18 @@
1
+ module Saml
2
+ module Elements
3
+ class EncryptedAssertion
4
+ include Saml::Base
5
+
6
+ tag "EncryptedAssertion"
7
+
8
+ register_namespace "saml", Saml::SAML_NAMESPACE
9
+ namespace "saml"
10
+
11
+ element :encrypted_data, Xmlenc::Builder::EncryptedData
12
+
13
+ has_many :encrypted_keys, Xmlenc::Builder::EncryptedKey
14
+
15
+ validates :encrypted_data, presence: true
16
+ end
17
+ end
18
+ end
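Review bot: The new `EncryptedAssertion` element has no documentation of what it models or how its two collections relate, and nothing constrains `encrypted_keys`: an instance with `encrypted_data` but no `EncryptedKey` passes `validates :encrypted_data, presence: true` on line 15, which is legitimate when the wrapped key travels inside EncryptedData's own KeyInfo but is worth stating. A class comment such as `# saml:EncryptedAssertion (SAML Core 2.3.4): an Assertion encrypted per XML Encryption. encrypted_data holds the ciphertext; encrypted_keys holds the optional wrapped content-encryption keys, which may instead appear inside encrypted_data's KeyInfo.` would make the contract explicit. The file is complete within the hunk.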
@@ -12,7 +12,7 @@ module Saml
12
12
  attribute :_id, String, :tag => "ID"
13
13
  attribute :name, String, :tag => "Name"
14
14
  attribute :valid_until, Time, :tag => "validUntil"
15
- attribute :cache_duration, Integer, :tag => "cacheDuration"
15
+ attribute :cache_duration, String, :tag => "cacheDuration"
16
16
 
17
17
  has_one :signature, Saml::Elements::Signature
18
18
 
@@ -13,7 +13,7 @@ module Saml
13
13
  attribute :name, String, :tag => "Name"
14
14
  attribute :entity_id, String, :tag => "entityID"
15
15
  attribute :valid_until, Time, :tag => "validUntil"
16
- attribute :cache_duration, Integer, :tag => "cacheDuration"
16
+ attribute :cache_duration, String, :tag => "cacheDuration"
17
17
 
18
18
  has_one :signature, Saml::Elements::Signature
19
19
 
@@ -18,11 +18,11 @@ module Saml
18
18
 
19
19
  def x509certificate=(cert)
20
20
  if cert.present?
21
- unless cert =~ /-----BEGIN CERTIFICATE-----/
22
- cert = cert.gsub(/\n/, '')
23
- cert = "-----BEGIN CERTIFICATE-----\n#{cert.gsub(/(.{1,64})/, "\\1\n")}-----END CERTIFICATE-----"
21
+ if cert =~ /-----BEGIN CERTIFICATE-----/
22
+ @x509certificate = OpenSSL::X509::Certificate.new(cert)
23
+ else
24
+ @x509certificate = OpenSSL::X509::Certificate.new(Base64.decode64(cert))
24
25
  end
25
- @x509certificate = OpenSSL::X509::Certificate.new(cert)
26
26
  end
27
27
  rescue OpenSSL::X509::CertificateError => e
28
28
  nil
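Review bot: The method-level `rescue OpenSSL::X509::CertificateError => e` that returns `nil` on lines 27–28 is unchanged here but now also covers the new DER branch on line 24, and it silently discards a certificate that fails to parse, leaving `@x509certificate` unset with no trace of why (`e` is never used); a malformed signing certificate in metadata then shows up later as an unexplained verification failure. Consider logging the error or re-raising it as a library error so the operator sees the cause. Separately, `Base64.decode64` on line 24 ignores characters outside the Base64 alphabet, so corrupted input reaches the DER parser instead of being rejected; `Base64.strict_decode64(cert.gsub(/\s+/, ''))` fails loudly on such input while still tolerating the line-wrapped values metadata presumably carries (the PEM branch on line 22 is unaffected). The enclosing method's `end` lies outside the hunk.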
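--- a/data/lib/saml/provider.rb
+++ b/data/lib/saml/provider.rb
@@ -30,7 +30,7 @@ module Saml
 entity_descriptor.entity_id
 end
 
-def certificate(key_name, use = "signing")
+def certificate(key_name = nil, use = "signing")
 key_descriptor = descriptor.find_key_descriptor(key_name, use)
 key_descriptor.certificate if key_descriptor
 end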
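Review bot: `certificate(key_name = nil, use = "signing")` on line 33 gains a nil default but no documentation of what nil selects; that is decided by `descriptor.find_key_descriptor`, which is outside this hunk, so a reader cannot tell whether nil means "the only key", "the first key for this use" or "any key". A YARD block stating the contract would prevent callers from assuming more determinism than exists, e.g. `# @param key_name [String, nil] KeyName to look up; nil defers to find_key_descriptor's choice for +use+ alone` / `# @param use [String] KeyDescriptor use, "signing" or "encryption"` / `# @return [Object, nil] the matching KeyDescriptor's certificate, or nil when none matches`, plus a sentence that with several keys of the same use the nil form returns whichever the descriptor lookup prefers. The method is complete within the hunk.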
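--- a/data/lib/saml/response.rb
+++ b/data/lib/saml/response.rb
@@ -3,7 +3,8 @@ module Saml
 include Saml::ComplexTypes::StatusResponseType
 
 tag "Response"
-has_many :assertions, Saml::Assertion, :tag => "Assertion"
+has_many :assertions, Saml::Assertion
+has_many :encrypted_assertions, Saml::Elements::EncryptedAssertion
 
 def authn_failed?
 !success? && status.status_code.authn_failed?
@@ -24,5 +25,13 @@ module Saml
 def assertion=(assertion)
 (self.assertions ||= []) << assertion
 end
+
+def encrypted_assertion
+encrypted_assertions.first
+end
+
+def encrypted_assertion=(encrypted_assertion)
+(self.encrypted_assertions ||= []) << encrypted_assertion
+end
 end
 end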
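Review bot: `encrypted_assertion` on line 30 calls `.first` directly on `encrypted_assertions`, while the setter on line 34 guards with `||= []`, which suggests the collection can be nil before anything is assigned; if so, reading the accessor on a Response without an EncryptedAssertion raises `NoMethodError` instead of returning nil. Mirror the guard: `Array(encrypted_assertions).first`. A Response may now carry both plaintext `assertions` and `encrypted_assertions`, so a line of class documentation saying which one consumers are expected to act on when both are present would avoid ambiguous handling. The class continues outside the hunk.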
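--- a/data/lib/saml/util.rb
+++ b/data/lib/saml/util.rb
@@ -7,7 +7,7 @@ module Saml
 
 params = {}
 query.split(/[&;]/).each do |pairs|
-key, value = pairs.split('=',2)
+key, value = pairs.split('=', 2)
 params[key] = value
 end
 
@@ -39,6 +39,18 @@ module Saml
 end
 end
 
+def encrypt_assertion(assertion, certificate)
+encrypted_data = Xmlenc::Builder::EncryptedData.new
+encrypted_data.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#aes128-cbc')
+
+encrypted_key = encrypted_data.encrypt(assertion)
+encrypted_key.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
+digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1')
+encrypted_key.encrypt(certificate.public_key)
+
+Saml::Elements::EncryptedAssertion.new(encrypted_data: encrypted_data, encrypted_keys: encrypted_key)
+end
+
 def verify_xml(message, raw_body)
 document = Xmldsig::SignedDocument.new(raw_body)
 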
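Review bot: `encrypt_assertion` (lines 42–52) hard-codes three algorithm URIs and documents neither its arguments nor its return value: nothing says `certificate` must respond to `public_key` (the recipient's `OpenSSL::X509::Certificate`) or that `assertion` is handed straight to `encrypted_data.encrypt`. The content cipher is AES-128-CBC, which in XML Encryption carries no integrity protection of its own, so the receiver depends entirely on the enclosing signature to detect tampering; that choice and the SHA-1 OAEP digest deserve to be explicit, overridable defaults rather than buried literals (an AES-GCM URI would be preferable if `Xmlenc::Builder` supports it — I cannot tell from here). `encrypted_keys: encrypted_key` on line 51 also hands a single object to a `has_many` collection; unless the builder wraps scalars, `[encrypted_key]` is the expected shape. Making the algorithms keyword arguments with the current values as defaults keeps every existing caller working.
```ruby
# Wrap +assertion+ in a saml:EncryptedAssertion encrypted for +certificate+.
#
# @param assertion [Saml::Assertion] element to encrypt (passed to EncryptedData#encrypt)
# @param certificate [OpenSSL::X509::Certificate] recipient certificate; its public key wraps the content key
# @param data_algorithm [String] xmlenc URI of the content cipher (CBC gives no integrity; prefer GCM if supported)
# @param key_algorithm [String] xmlenc URI of the key transport
# @param digest_algorithm [String] digest URI used by RSA-OAEP
# @return [Saml::Elements::EncryptedAssertion]
def encrypt_assertion(assertion, certificate,
                      data_algorithm: 'http://www.w3.org/2001/04/xmlenc#aes128-cbc',
                      key_algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
                      digest_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1')
  encrypted_data = Xmlenc::Builder::EncryptedData.new
  encrypted_data.set_encryption_method(algorithm: data_algorithm)

  encrypted_key = encrypted_data.encrypt(assertion)
  encrypted_key.set_encryption_method(algorithm: key_algorithm,
                                      digest_method_algorithm: digest_algorithm)
  encrypted_key.encrypt(certificate.public_key)

  # TODO(review): confirm has_many accepts a scalar here; otherwise pass [encrypted_key]
  Saml::Elements::EncryptedAssertion.new(encrypted_data: encrypted_data, encrypted_keys: encrypted_key)
end
```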
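--- a/data/lib/saml/version.rb
+++ b/data/lib/saml/version.rb
@@ -1,3 +1,3 @@
 module Saml
-VERSION = '2.1.0'
+VERSION = "2.1.2"
 end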
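--- a/metadata
+++ b/metadata
@@ -1,41 +1,41 @@
 --- !ruby/object:Gem::Specification
 name: libsaml
 version: !ruby/object:Gem::Version
-version: 2.1.0
+version: 2.1.2
 platform: ruby
 authors:
 - Benoist Claassen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-10-22 00:00:00.000000000 Z
+date: 2013-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ! '>='
+- - '>='
 - !ruby/object:Gem::Version
 version: 3.0.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ! '>='
+- - '>='
 - !ruby/object:Gem::Version
 version: 3.0.0
 - !ruby/object:Gem::Dependency
 name: activemodel
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ! '>='
+- - '>='
 - !ruby/object:Gem::Version
 version: 3.0.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ! '>='
+- - '>='
 - !ruby/object:Gem::Version
 version: 3.0.0
 - !ruby/object:Gem::Dependency
@@ -72,40 +72,40 @@ dependencies:
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 0.1.0
+version: 0.1.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 0.1.0
+version: 0.1.1
 - !ruby/object:Gem::Dependency
 name: curb
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ! '>='
+- - '>='
 - !ruby/object:Gem::Version
 version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ! '>='
+- - '>='
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
 name: httpi
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ! '>='
+- - '>='
 - !ruby/object:Gem::Version
 version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ! '>='
+- - '>='
 - !ruby/object:Gem::Version
 version: '0'
 description: Libsaml makes the creation of SAML 2.0 messages easy. The object structure
@@ -147,6 +147,7 @@ files:
 - lib/saml/elements/authn_statement.rb
 - lib/saml/elements/conditions.rb
 - lib/saml/elements/contact_person.rb
+- lib/saml/elements/encrypted_assertion.rb
 - lib/saml/elements/encrypted_attribute.rb
 - lib/saml/elements/entities_descriptor.rb
 - lib/saml/elements/entity_attributes.rb
@@ -210,17 +211,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- - ! '>='
+- - '>='
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - ! '>='
+- - '>='
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.0.6
+rubygems_version: 2.0.3
 signing_key:
 specification_version: 4
 summary: A gem to easily create SAML 2.0 messages.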