libsaml 2.9.0 → 2.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 194bdb769169b21923b5fa689fe9866751f09f0a
-  data.tar.gz: 5ab51c74f9e390e80388f1529016f1c49b3a187e
+  metadata.gz: 882f50e4ac23264d5ca2b47dca17df3805e8a6ed
+  data.tar.gz: 52e24e2e5867fd8709011f2c5e96b1a3d8f56ea9
 SHA512:
-  metadata.gz: 199ce03937ac45c4cc56879ab807af9d61152be42777e140878685b28ad1adf657379eed0029e63b54a38f5be55168101a997400605e3d869685f45b1a93cc82
-  data.tar.gz: 6e655df6e753dc658eb7207a0936e14746b61358498a541b662b94dda7bfa047de9d241eec12d28fd50a28209df1ed6abd992637e762e480a083473e18fb9dd0
+  metadata.gz: d4b5a5bef05f0756775db7cbe1922fb1fe8b62cb84807c43a832cca8b66f571e3db090c321d7e49fd8365f57547dc3725f91469c1e85bd1a62d33719e380d7b2
+  data.tar.gz: d346b7bcb9c684047717ff157615b16fbf35cfd2c09de5f9e9b6f95f66036182c44a68344dbef7a33e2c169a1aac1097375496dcc6b03a04b6b74f0de792dac4

data/lib/saml.rb

@@ -97,6 +97,9 @@ module Saml
     require 'saml/complex_types/attribute_type'
     require 'saml/complex_types/localized_name_type'
     require 'saml/complex_types/statement_abstract_type'
+    require 'saml/complex_types/subject_query_abstract_type'
+    require 'saml/complex_types/attribute_query_type'
+    require 'saml/complex_types/evidence_type'
   end
 
   module Elements
@@ -113,6 +116,9 @@ module Saml
     require 'saml/elements/subject_confirmation'
     require 'saml/elements/encrypted_assertion'
     require 'saml/elements/encrypted_attribute'
+    require 'saml/elements/name_id'
+    require 'saml/elements/name_id_format'
+    require 'saml/elements/encrypted_id'
     require 'saml/elements/attribute_value'
     require 'saml/elements/attribute'
     require 'saml/elements/attribute_statement'
@@ -124,8 +130,6 @@ module Saml
     require 'saml/elements/service_description'
     require 'saml/elements/requested_attribute'
     require 'saml/elements/attribute_consuming_service'
-    require 'saml/elements/name_id'
-    require 'saml/elements/name_id_format'
     require 'saml/elements/subject'
     require 'saml/elements/conditions'
     require 'saml/elements/authn_statement'
@@ -141,6 +145,8 @@ module Saml
     require 'saml/elements/attribute_authority_descriptor'
     require 'saml/elements/entity_descriptor'
     require 'saml/elements/entities_descriptor'
+    require 'saml/elements/attribute_query'
+    require 'saml/elements/evidence'
   end
 
   module Rails

data/lib/saml/complex_types/attribute_query_type.rb

@@ -0,0 +1,20 @@
+module Saml
+  module ComplexTypes
+    module AttributeQueryType
+      extend ActiveSupport::Concern
+
+      include SubjectQueryAbstractType
+
+      included do
+        has_many :attributes, Saml::Elements::Attribute
+      end
+
+      def initialize(*args)
+        options = args.extract_options!
+        super(*(args << options))
+        @attributes = []
+      end
+    end
+  end
+end
+

data/lib/saml/complex_types/evidence_type.rb

@@ -0,0 +1,23 @@
+module Saml
+  module ComplexTypes
+    module EvidenceType
+      extend ActiveSupport::Concern
+
+      included do
+        require 'saml/assertion'
+
+        has_many :assertion, ::Saml::Assertion
+
+        validates :assertion, presence: true
+      end
+
+      def initialize(*args)
+        options = args.extract_options!
+        @assertion = options.delete(:assertion)
+        super(*(args << options))
+      end
+    end
+  end
+end
+
+

data/lib/saml/complex_types/subject_query_abstract_type.rb

@@ -0,0 +1,27 @@
+module Saml
+  module ComplexTypes
+    module SubjectQueryAbstractType
+      extend ActiveSupport::Concern
+
+      include RequestAbstractType
+
+      included do
+        element :subject, Saml::Elements::Subject
+
+        validates :subject, presence: true
+      end
+
+      def initialize(*args)
+        options = args.extract_options!
+        @subject = Saml::Elements::Subject.new(
+          name_id: options.delete(:name_id),
+          name_id_format: options.delete(:name_id_format),
+          recipient: options.delete(:recipient),
+          in_response_to: options.delete(:in_response_to)
+        )
+        super(*(args << options))
+      end
+    end
+  end
+end
+

data/lib/saml/elements/attribute_query.rb

@@ -0,0 +1,12 @@
+module Saml
+  module Elements
+    class AttributeQuery
+      include HappyMapper
+      include Saml::Base
+      include Saml::ComplexTypes::AttributeQueryType
+
+      tag 'AttributeQuery'
+      namespace 'samlp'
+    end
+  end
+end

data/lib/saml/elements/attribute_value.rb

@@ -1,14 +1,17 @@
 module Saml
   module Elements
     class AttributeValue
-      include Saml::Base
+      include ::Saml::Base
+
+      tag 'AttributeValue'
 
       register_namespace 'saml', Saml::SAML_NAMESPACE
       register_namespace 'xs',   Saml::XS_NAMESPACE
       register_namespace 'xsi',  Saml::XSI_NAMESPACE
 
       namespace 'saml'
-      tag 'AttributeValue'
+
+      has_one :encrypted_id, EncryptedID
 
       attribute :type, String, tag: 'xsi:type'
 

data/lib/saml/elements/encrypted_id.rb

@@ -0,0 +1,53 @@
+module Saml
+  module Elements
+    class EncryptedID
+      include ::HappyMapper
+      include ::Saml::Base
+      include ::Saml::XMLHelpers
+
+      tag 'EncryptedID'
+
+      register_namespace 'saml', ::Saml::SAML_NAMESPACE
+      namespace 'saml'
+
+      has_one :encrypted_data, Xmlenc::Builder::EncryptedData
+      has_many :encrypted_keys, Xmlenc::Builder::EncryptedKey
+      has_one :name_id, Saml::Elements::NameId
+
+      validates :encrypted_data, presence: true
+
+      def initialize(*args)
+        options = args.extract_options!
+        super(*(args << options))
+      end
+
+      def encrypt(key_descriptor, key_options = {})
+        certificate = key_descriptor.certificate
+        key_name = key_descriptor.key_info.key_name
+
+        self.encrypted_data = Xmlenc::Builder::EncryptedData.new
+        self.encrypted_data.set_key_retrieval_method Xmlenc::Builder::RetrievalMethod.new(
+          uri: "##{key_options[:id]}"
+        )
+        self.encrypted_data.set_encryption_method(
+          algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
+        )
+        encrypted_key = self.encrypted_data.encrypt(name_id_xml, key_options)
+        encrypted_key.set_encryption_method(
+          algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p', 
+          digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1'
+        )
+        encrypted_key.set_key_name key_name
+        encrypted_key.encrypt certificate.public_key
+        self.encrypted_keys = [encrypted_key]
+        self.name_id = nil
+      end
+
+      private
+
+      def name_id_xml
+        Nokogiri::XML(name_id.to_xml).root.to_xml
+      end
+    end
+  end
+end

data/lib/saml/elements/evidence.rb

@@ -0,0 +1,11 @@
+module Saml
+  module Elements
+    class Evidence
+      include HappyMapper
+      include Saml::Base
+      include Saml::ComplexTypes::EvidenceType
+
+      tag 'Evidence'
+    end
+  end
+end

data/lib/saml/util.rb

@@ -29,7 +29,11 @@ module Saml
           http.key  = OpenSSL::PKey::RSA.new(key)
         end
 
-        headers = { 'Content-Type' => 'text/xml' }
+        headers = { 
+          'Content-Type' => 'text/xml',
+          'Cache-Control' => 'no-cache, no-store',
+          'Pragma' => 'no-cache'
+        }
         headers.merge! additional_headers
 
         request      = Net::HTTP::Post.new(uri.request_uri, headers)
@@ -85,6 +89,23 @@ module Saml
         Saml::Assertion.parse(encrypted_document.decrypt(private_key), single: true)
       end
 
+      def encrypt_name_id(name_id, key_descriptor, key_options = {})
+        encrypted_id = Saml::Elements::EncryptedID.new(name_id: name_id)
+        encrypt_encrypted_id(encrypted_id, key_descriptor, key_options)
+      end
+
+      def encrypt_encrypted_id(encrypted_id, key_descriptor, key_options = {})
+        encrypted_id.encrypt(key_descriptor, key_options)
+        encrypted_id
+      end
+
+      def decrypt_encrypted_id(encrypted_id, private_key)
+        encrypted_id_xml = encrypted_id.is_a?(Saml::Elements::EncryptedID) ?
+            encrypted_id.to_xml : encrypted_id.to_s
+        encrypted_document = Xmlenc::EncryptedDocument.new(encrypted_id_xml)
+        Saml::Elements::EncryptedID.parse(encrypted_document.decrypt(private_key))
+      end
+
       def verify_xml(message, raw_body)
         document = Xmldsig::SignedDocument.new(raw_body)
 

data/lib/saml/version.rb

@@ -1,3 +1,3 @@
 module Saml
-  VERSION = "2.9.0"
+  VERSION = "2.10.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: libsaml
 version: !ruby/object:Gem::Version
-  version: 2.9.0
+  version: 2.10.0
 platform: ruby
 authors:
 - Benoist Claassen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-20 00:00:00.000000000 Z
+date: 2015-10-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -72,14 +72,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.0
+        version: 0.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.0
+        version: 0.4.0
 - !ruby/object:Gem::Dependency
   name: curb
   requirement: !ruby/object:Gem::Requirement
@@ -133,8 +133,10 @@ files:
 - lib/saml/bindings/http_post.rb
 - lib/saml/bindings/http_redirect.rb
 - lib/saml/bindings/soap.rb
+- lib/saml/complex_types/attribute_query_type.rb
 - lib/saml/complex_types/attribute_type.rb
 - lib/saml/complex_types/endpoint_type.rb
+- lib/saml/complex_types/evidence_type.rb
 - lib/saml/complex_types/indexed_endpoint_type.rb
 - lib/saml/complex_types/localized_name_type.rb
 - lib/saml/complex_types/request_abstract_type.rb
@@ -142,10 +144,12 @@ files:
 - lib/saml/complex_types/sso_descriptor_type.rb
 - lib/saml/complex_types/statement_abstract_type.rb
 - lib/saml/complex_types/status_response_type.rb
+- lib/saml/complex_types/subject_query_abstract_type.rb
 - lib/saml/config.rb
 - lib/saml/elements/attribute.rb
 - lib/saml/elements/attribute_authority_descriptor.rb
 - lib/saml/elements/attribute_consuming_service.rb
+- lib/saml/elements/attribute_query.rb
 - lib/saml/elements/attribute_statement.rb
 - lib/saml/elements/attribute_value.rb
 - lib/saml/elements/audience_restriction.rb
@@ -156,9 +160,11 @@ files:
 - lib/saml/elements/contact_person.rb
 - lib/saml/elements/encrypted_assertion.rb
 - lib/saml/elements/encrypted_attribute.rb
+- lib/saml/elements/encrypted_id.rb
 - lib/saml/elements/entities_descriptor.rb
 - lib/saml/elements/entity_attributes.rb
 - lib/saml/elements/entity_descriptor.rb
+- lib/saml/elements/evidence.rb
 - lib/saml/elements/idp_sso_descriptor.rb
 - lib/saml/elements/key_descriptor.rb
 - lib/saml/elements/key_info.rb