libsaml 2.15.8 → 2.16.0

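--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 1dd09c45a2c831a6112b6023a25f8fb2deca6513
- data.tar.gz: 028e34efefeb590965b21a468755614675ec4989
+ metadata.gz: 3fe168b0b5d962fce3379f08bf9b6e06c74825a6
+ data.tar.gz: 639c97ef468c1daf2b9410babc217e41c8c8f36a
  SHA512:
- metadata.gz: 19239eed4cb96c32583dfdb9214a85080ffca88ea6c2c6b71a6a64c5412b5384f2bf7fd1d361ca6f13da3359b210bbeed7c7247fbe98c7fabce753110c085430
- data.tar.gz: 32d75f484cd6410afc093455f8dc40334256e59da42b504f603fc8a226522f7043af60d338733461eed0c22e077447b79f5bdd3f75c8dce56e98e47fe3a04f00
+ metadata.gz: dbcd598c7e93aa9434c40fd62a452e76d29036acc6458df9939c46961f44297d968e714ffe66e8a327bdb85bbad9a23c969d7744998e533b51fc8e3d24cab9dc
+ data.tar.gz: 475f4a722b652995dcc2e3f7bba9f3226679d8f7d6cb280f9bdc4ad674ae1b9690fd4ca84b8986e74f8b00e2d43b6670714bb56ed7c5e1c68d3486751d9aa101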
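--- a/data/lib/saml/config.rb
+++ b/data/lib/saml/config.rb
@@ -12,6 +12,9 @@ module Saml
  mattr_accessor :ssl_certificate_file
  @@ssl_certificate_file = nil
 
+ mattr_accessor :http_ca_file
+ @@http_ca_file = nil
+
  mattr_accessor :registered_stores
  @@registered_stores = {}
 
@@ -23,6 +26,5 @@ module Saml
  end
 
  module_function :register_store
-
  end
  end
@@ -3,32 +3,46 @@ module Saml
  class File
  attr_accessor :providers
 
- def initialize(metadata_dir = "config/metadata", key_file = "config/ssl/key.pem")
+ def initialize(metadata_dir = "config/metadata", key_file = "config/ssl/key.pem", key_password = nil)
  @mutex = Mutex.new
  self.providers = {}
 
- load_files(metadata_dir, key_file)
+ load_files(metadata_dir, key_file, key_password)
  end
 
  def find_by_entity_id(entity_id)
- self.providers[entity_id]
+ providers[entity_id]
  end
 
- def load_files(metadata_dir, key_file)
- Dir[::File.join(metadata_dir, "*.xml")].each do |file|
- add_metadata(::File.read(file), OpenSSL::PKey::RSA.new(::File.read(key_file)))
+ # Returns provider by source_id or nil if not found.
+ def find_by_source_id(source_id)
+ providers.find do |entity_id, _|
+ Digest::SHA1.digest(entity_id) == source_id
+ end.to_a[1]
+ end
+
+ def load_files(metadata_dir, key_file, key_password = nil)
+ Dir[::File.join(metadata_dir, '*.xml')].each do |file|
+ add_metadata(::File.read(file), get_private_key(key_file, key_password))
  end
  end
 
  def add_metadata(metadata_xml, private_key = nil)
  entity_descriptor = Saml::Elements::EntityDescriptor.parse(metadata_xml, single: true)
- type = entity_descriptor.sp_sso_descriptor.present? ? "service_provider" : "identity_provider"
+ type = entity_descriptor.sp_sso_descriptor.present? ? 'service_provider' : 'identity_provider'
  provider = BasicProvider.new(entity_descriptor, private_key, type)
 
  @mutex.synchronize do
- self.providers[provider.entity_id] = provider
+ providers[provider.entity_id] = provider
  end
  end
+
+ private
+
+ def get_private_key(file, password)
+ return OpenSSL::PKey::RSA.new(::File.read(file)) unless password.present?
+ OpenSSL::PKey::RSA.new(::File.read(file), password)
+ end
  end
  end
  end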
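Review bot: In the new `load_files`, `get_private_key(key_file, key_password)` is evaluated inside the `Dir[...].each` loop, so the key file is read and the PEM parsed (and, for an encrypted key, the passphrase-based decryption repeated) once per metadata file; hoist it to `private_key = get_private_key(key_file, key_password)` before the loop and pass `private_key` to `add_metadata`. The `unless password.present?` branch in `get_private_key` is redundant, since `OpenSSL::PKey::RSA.new(pem, nil)` behaves like the one-argument form, and for an encrypted PEM with no password OpenSSL can fall back to its interactive passphrase callback, so a short comment should state that the key must be unencrypted unless `key_password` is supplied. Note that the `@@ -3,32 +3,46 @@` hunk shows a `class File` with `providers` that cannot belong to config.rb; the page has lost the header of the file it comes from (presumably a file-based provider store). `find_by_source_id` also relies on `Digest` being required somewhere outside this hunk.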
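--- a/data/lib/saml/util.rb
+++ b/data/lib/saml/util.rb
@@ -21,22 +21,10 @@ module Saml
  http.use_ssl = uri.scheme == 'https'
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
 
- if Saml::Config.ssl_certificate_file.present? && Saml::Config.ssl_private_key_file.present?
- cert = File.read(Saml::Config.ssl_certificate_file)
- key = File.read(Saml::Config.ssl_private_key_file)
+ add_cacert_file(http)
+ add_ssl_certificate_and_key(http)
 
- http.cert = OpenSSL::X509::Certificate.new(cert)
- http.key = OpenSSL::PKey::RSA.new(key)
- end
-
- headers = {
- 'Content-Type' => 'text/xml',
- 'Cache-Control' => 'no-cache, no-store',
- 'Pragma' => 'no-cache'
- }
- headers.merge! additional_headers
-
- request = Net::HTTP::Post.new(uri.request_uri, headers)
+ request = Net::HTTP::Post.new(uri.request_uri, merged_headers(additional_headers))
  request.body = message
 
  http.request(request)
@@ -57,14 +45,14 @@ module Saml
 
  def encrypt_assertion(assertion, key_descriptor_or_certificate)
  case key_descriptor_or_certificate
- when OpenSSL::X509::Certificate
- certificate = key_descriptor_or_certificate
- key_name = nil
- when Saml::Elements::KeyDescriptor
- certificate = key_descriptor_or_certificate.certificate
- key_name = key_descriptor_or_certificate.key_info.key_name
- else
- raise ArgumentError.new("Expecting Certificate or KeyDescriptor got: #{key_descriptor_or_certificate.class}")
+ when OpenSSL::X509::Certificate
+ certificate = key_descriptor_or_certificate
+ key_name = nil
+ when Saml::Elements::KeyDescriptor
+ certificate = key_descriptor_or_certificate.certificate
+ key_name = key_descriptor_or_certificate.key_info.key_name
+ else
+ fail ArgumentError, "Expecting Certificate or KeyDescriptor got: #{key_descriptor_or_certificate.class}"
  end
 
  assertion = assertion.to_xml(nil, nil, false) if assertion.is_a?(Assertion) # create xml without instruct
@@ -113,7 +101,7 @@ module Saml
  message.provider.verify(signature_algorithm, signature, data, message.signature.key_name)
  end
 
- raise Saml::Errors::SignatureInvalid.new unless signature_valid
+ fail Saml::Errors::SignatureInvalid unless signature_valid
 
  signed_node = document.signed_nodes.find { |node| node['ID'] == message._id }
 
@@ -132,17 +120,45 @@ module Saml
  http.use_ssl = uri.scheme == 'https'
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
 
+ add_cacert_file(http)
+
  request = Net::HTTP::Get.new(uri.request_uri)
 
  response = http.request(request)
  if response.code == '200'
  response.body
  else
- raise Saml::Errors::MetadataDownloadFailed.new("Cannot download metadata for: #{location}: #{response.body}")
+ fail Saml::Errors::MetadataDownloadFailed, "Cannot download metadata for: #{location}: #{response.body}"
  end
  rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Net::HTTPBadResponse,
  Net::HTTPHeaderSyntaxError, Net::ProtocolError => error
- raise Saml::Errors::MetadataDownloadFailed.new("Cannot download metadata for: #{location}: #{error.message}")
+ raise Saml::Errors::MetadataDownloadFailed, "Cannot download metadata for: #{location}: #{error.message}"
+ end
+
+ private
+
+ def merged_headers(headers)
+ { 'Content-Type' => 'text/xml',
+ 'Cache-Control' => 'no-cache, no-store',
+ 'Pragma' => 'no-cache' }.merge(headers)
+ end
+
+ def add_cacert_file(http)
+ return http unless Saml::Config.http_ca_file.present?
+ http.cert_store = OpenSSL::X509::Store.new
+ http.cert_store.set_default_paths
+ http.cert_store.add_file(Saml::Config.http_ca_file)
+ http
+ end
+
+ def add_ssl_certificate_and_key(http)
+ return http unless Saml::Config.ssl_certificate_file.present?
+ return http unless Saml::Config.ssl_private_key_file.present?
+ cert = File.read(Saml::Config.ssl_certificate_file)
+ key = File.read(Saml::Config.ssl_private_key_file)
+ http.cert = OpenSSL::X509::Certificate.new(cert)
+ http.key = OpenSSL::PKey::RSA.new(key)
+ http
  end
  end
  end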
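Review bot: `add_ssl_certificate_and_key` in the last hunk re-reads and re-parses the client certificate and private key from disk on every call, i.e. on every outbound POST, and `OpenSSL::PKey::RSA.new(key)` with no passphrase argument can fall back to OpenSSL's interactive passphrase callback when the PEM is encrypted, which is inconsistent with the `get_private_key(file, password)` helper added elsewhere in this release; at least document the contract: `# Configures client-certificate TLS from Saml::Config; the key file must be an unencrypted RSA PEM.`. `add_cacert_file` deserves a comment that the store it installs still trusts the system roots via `set_default_paths`, so `http_ca_file` is additive rather than a replacement, and that `OpenSSL::X509::Store#add_file` raises on a missing or unreadable file, so the request fails closed. Both helpers depend on the caller having already set `http.verify_mode = OpenSSL::SSL::VERIFY_PEER` (as both call sites in this section do); moving that assignment into `add_cacert_file` would make the helper safe to reuse on its own. Whether `private` takes effect here depends on how the enclosing module exposes these methods (`extend self` versus `module_function`), which is outside the hunk.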
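--- a/data/lib/saml/version.rb
+++ b/data/lib/saml/version.rb
@@ -1,3 +1,3 @@
  module Saml
- VERSION = "2.15.8"
+ VERSION = "2.16.0"
  end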
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: libsaml
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.15.8
4
+ version: 2.16.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Benoist Claassen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-12-01 00:00:00.000000000 Z
11
+ date: 2015-12-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport