libsaml 2.2.1 → 2.2.2

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    NjQ2MjM2ZTdiNTQzMTg2OTM2NjA5ZjU0MDQ2NDU3ZmZmZmMzNjcyNg==
-  data.tar.gz: !binary |-
-    ODViMzc1MDk1MzQ3MDY5MTlhMDIwYWE5Yjc4NTI3MDRjZmI1MmMyMA==
+SHA1:
+  metadata.gz: 376f0b864b8b4c1c1096f355b6be173740c02c20
+  data.tar.gz: 3767541a83f03d0680041922b0ea402cbb799ea0
 SHA512:
-  metadata.gz: !binary |-
-    NmI4NGEwYjE2OWQ3Y2U2ODQ2ZjcxMzNlZjhiNmFiMDBiNGRlMzY0YTNmNmJl
-    ODhiNjNiZTliNWEzYjM0M2RmYTNiNDMzNWE4ODRmMTBiMjI1MTg3Mjk2NWE0
-    MDBjNWFjMWFlZjY1YmZiZjMwOThlODI0NjIxMTFjOTZhZjQ5ODQ=
-  data.tar.gz: !binary |-
-    YjVkNGUyZTI5NjRkOTMwOWFhMzgwYWVlYjdkODNlZWE3ZjUyODdkYTdmMDBl
-    YjM0ZmZlYWE3YWYyM2IxOTdjNDlhY2I1MmEzYTUyNTU5NzQ4NTgxNGRmZTEz
-    ZTViMDhhOWJhNTJlZTc5ODc4M2I2NDg4NmJlM2Q3YzJlZmNhNjY=
+  metadata.gz: ed728b5842a2432874d9f08ecafd9d2b729dad0f207f5aa5ca2f764dfeeaf725deadf0ae57c443e6e140ee7a956af5c9d603b7a8084b84a282dd1d52d4909938
+  data.tar.gz: 025aa603a25a80e4e83d4ea9b4526595c525706983261f978f08238397f0817e2e02a1b4b90b33b20c20723bf8e42dd34989da52b43650b90c038cfa104ed1fc

data/README.md

@@ -0,0 +1,126 @@
+[![Build status](https://travis-ci.org/digidentity/libsaml.png?branch=master)](https://travis-ci.org/digidentity/libsaml)
+[![Coverage status](https://coveralls.io/repos/digidentity/libsaml/badge.png)](https://coveralls.io/r/digidentity/libsaml)
+[![Code climate](https://codeclimate.com/github/digidentity/libsaml.png)](https://codeclimate.com/github/digidentity/libsaml)
+[![Dependency status](https://gemnasium.com/digidentity/libsaml.png)](https://coveralls.io/r/digidentity/libsaml)
+
+# libsaml
+
+Libsaml is a Ruby gem to easily create SAML 2.0 messages. This gem was written because other SAML gems were missing functionality such as XML signing.
+
+Libsaml's features include:
+
+- Multiple bindings:
+    - HTTP-Post
+    - HTTP-Redirect
+    - HTTP-Artifact
+    - SOAP
+- XML signing and verification
+- Pluggable backend for providers (FileStore backend included)
+
+Copyright [Digidentity B.V.](https://www.digidentity.eu/), released under the MIT license. This gem was written by [Benoist Claassen](https://github.com/benoist).
+
+## Installation
+
+Place in your Gemfile:
+
+```ruby
+gem 'libsaml', require: 'saml'
+```
+
+## Usage
+
+Below follows how to configure the SAML gem in a service provider.
+
+Store the private key in:
+`config/ssl/key.pem`
+
+Store the public key of the identity provider in:
+`config/ssl/trust-federate.cert`
+
+Add the Identity Provider web container configuration file to `config/metadata/service_provider.xml`.
+
+This contains an encoded version of the public key, generate this in the ruby console by typing:
+
+```ruby
+require 'openssl'
+require 'base64'
+
+pem = File.open("config/ssl/trust-federate.cert").read
+cert = OpenSSL::X509::Certificate.new(pem)
+output = Base64.encode64(cert.to_der).gsub("\n", "")
+```
+
+Add the Service Provider configuration file to: `config/metadata/service_provider.xml`:
+
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<md:EntityDescriptor ID="_052c51476c9560a429e1171e8c9528b96b69fb57" entityID="my:very:original:entityid" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
+  <md:SPSSODescriptor>
+    <md:KeyDescriptor use="signing">
+      <ds:KeyInfo>
+        <ds:X509Data>
+          <ds:X509Certificate>SAME_KEY_AS_GENERATED_IN_THE_CONSOLE_BEFORE</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </md:KeyDescriptor>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post" Location="http://localhost:3000/saml/receive_response" index="0" isDefault="true"/>
+  </md:SPSSODescriptor>
+</md:EntityDescriptor>
+```
+
+Set up an intializer in `config/initializers/saml_config.rb`:
+
+```ruby
+Saml.setup do |config|
+  config.register_store :file, Saml::ProviderStores::File.new("config/metadata", "config/ssl/key.pem"), default: true
+end
+```
+
+By default this will use a SamlProvider model that uses the filestore, if you want a database driven model comment out the `#provider_store` function in the initializer and make a model that defines `#find_by_entity_id`:
+
+```ruby
+class SamlProvider < ActiveRecord::Base
+  include Saml::Provider
+
+  def self.find_by_entity_id(entity_id)
+    find_by entity_id: entity_id
+  end
+end
+```
+
+
+Now you can make a SAML controller in `app/controllers/saml_controller.rb`:
+
+```ruby
+class SamlController < ApplicationController
+  extend Saml::Rails::ControllerHelper
+  current_provider "entity_id"
+
+  def request_authentication
+    provider = Saml.provider("my:very:original:entityid")
+    destination = provider.single_sign_on_service_url(Saml::ProtocolBindings::HTTP_POST)
+
+    authn_request = Saml::AuthnRequest.new(:destination => destination)
+
+    @saml_attributes = Saml::Bindings::HTTPPost.create_form_attributes(authn_request)
+
+    render text: @saml_attributes.to_yaml
+  end
+
+  def receive_response
+  end
+end
+```
+
+Don't forget to define the routes in `config/routes.rb`:
+
+```ruby
+  get "/saml/request_authentication" => "saml#request_authentication"
+  get "/saml/receive_response" => "saml#receive_response"
+```
+
+## Contributing
+
+- Fork the project
+- Contribute your changes. Please make sure your changes are properly documented and covered by tests.
+- Send a pull request

data/lib/saml/response.rb

@@ -21,13 +21,19 @@ module Saml
     def encrypt_assertions(certificate)
       @encrypted_assertions = []
       assertions.each do |assertion|
-        assertion_xml = assertion.is_a?(Assertion) ? assertion.to_xml : assertion.to_s
-
-        @encrypted_assertions << Saml::Util.encrypt_assertion(assertion_xml, certificate)
+        @encrypted_assertions << Saml::Util.encrypt_assertion(assertion, certificate)
       end
       assertions.clear
     end
 
+    def decrypt_assertions(private_key)
+      @assertions ||= []
+      encrypted_assertions.each do |encrypted_assertion|
+        @assertions << Saml::Util.decrypt_assertion(encrypted_assertion, private_key)
+      end
+      encrypted_assertions.clear
+    end
+
     def assertion
       assertions.first
     end

data/lib/saml/util.rb

@@ -52,10 +52,12 @@ module Saml
       end
 
       def encrypt_assertion(assertion, certificate)
+        assertion = assertion.to_xml(nil, nil, false) if assertion.is_a?(Assertion) # create xml without instruct
+
         encrypted_data = Xmlenc::Builder::EncryptedData.new
         encrypted_data.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#aes128-cbc')
 
-        encrypted_key = encrypted_data.encrypt(assertion)
+        encrypted_key = encrypted_data.encrypt(assertion.to_s)
         encrypted_key.set_encryption_method(algorithm:               'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
                                             digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1')
         encrypted_key.encrypt(certificate.public_key)
@@ -63,6 +65,14 @@ module Saml
         Saml::Elements::EncryptedAssertion.new(encrypted_data: encrypted_data, encrypted_keys: encrypted_key)
       end
 
+      def decrypt_assertion(encrypted_assertion, private_key)
+        encrypted_assertion_xml = encrypted_assertion.is_a?(Saml::Elements::EncryptedAssertion) ?
+            encrypted_assertion.to_xml : encrypted_assertion.to_s
+        encrypted_document = Xmlenc::EncryptedDocument.new(encrypted_assertion_xml)
+
+        Saml::Assertion.parse(encrypted_document.decrypt(private_key), single: true)
+      end
+
       def verify_xml(message, raw_body)
         document = Xmldsig::SignedDocument.new(raw_body)
 

data/lib/saml/version.rb

@@ -1,3 +1,3 @@
 module Saml
-  VERSION = "2.2.1"
+  VERSION = "2.2.2"
 end

metadata

@@ -1,111 +1,111 @@
 --- !ruby/object:Gem::Specification
 name: libsaml
 version: !ruby/object:Gem::Version
-  version: 2.2.1
+  version: 2.2.2
 platform: ruby
 authors:
 - Benoist Claassen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-01-29 00:00:00.000000000 Z
+date: 2014-04-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 3.2.15
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 3.2.15
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: nokogiri-happymapper
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.5.7
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.5.7
 - !ruby/object:Gem::Dependency
   name: xmldsig
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.2.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.2.1
 - !ruby/object:Gem::Dependency
   name: xmlenc
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.1.1
 - !ruby/object:Gem::Dependency
   name: curb
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: coveralls
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.7'
 description: Libsaml makes the creation of SAML 2.0 messages easy. The object structure
@@ -119,7 +119,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - MIT-LICENSE
-- README.rdoc
+- README.md
 - Rakefile
 - lib/saml.rb
 - lib/saml/artifact.rb
@@ -211,12 +211,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []

data/README.rdoc

@@ -1,95 +0,0 @@
-{<img src="https://travis-ci.org/digidentity/libsaml.png?branch=master" alt="Build Status" />}[https://travis-ci.org/digidentity/libsaml]
-{<img src="https://coveralls.io/repos/digidentity/libsaml/badge.png" alt="Coverage Status" />}[https://coveralls.io/r/digidentity/libsaml]
-{<img src="https://gemnasium.com/digidentity/libsaml.png" alt="Dependency Status" />}[https://gemnasium.com/digidentity/libsaml]
-{<img src="https://codeclimate.com/github/digidentity/libsaml.png" />}[https://codeclimate.com/github/digidentity/libsaml]
-= libsaml
-Libsaml is a Ruby gem to easily create SAML 2.0 messages. This gem was written because other SAML gems were missing functionality such as XML signing.
-
-Libsaml's features include:
-- Bindings: HTTP-Post, HTTP-Redirect, HTTP-Artifact, SOAP
-- XML signing and verification
-- Pluggable backend for providers (FileStore backend included)
-
-Copyright Digidentity BV, released under the MIT license. This gem was written by Benoist Claassen.
-
-= Installation
-
-Place in your Gemfile:
-  gem 'libsaml', require: 'saml'
-
-= Usage
-Below follows how to configure the SAML gem in a service provider.
-
-Store the private key in:
-config/ssl/key.pem
-
-Store the public key of the identity provider in:
-config/ssl/trust-federate.cert
-
-Add the Identity Provider web container configuration file to config/metadata/service_provider.xml.
-This contains an encoded version of the public key, generate this in the ruby console by typing:
-  irb
-  require 'openssl'
-  require 'base64'
-  pem = File.open("config/ssl/trust-federate.cert").read
-  cert = OpenSSL::X509::Certificate.new(pem)
-  output = Base64.encode64(cert.to_der).gsub("\n", "")
-
-Add the Service Provider configuration file to config/metadata/service_provider.xml:
-  <?xml version="1.0" encoding="UTF-8"?>
-  <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"   ID="_052c51476c9560a429e1171e8c9528b96b69fb57" entityID="my:very:original:entityid">
-    <md:SPSSODescriptor>
-      <md:KeyDescriptor use="signing">
-        <ds:KeyInfo>
-          <ds:X509Data>
-            <ds:X509Certificate>SAME_KEY_AS_GENERATED_IN_THE_CONSOLE_BEFORE</ds:X509Certificate>
-          </ds:X509Data>
-        </ds:KeyInfo>
-      </md:KeyDescriptor>
-      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post" index="0" Location="http://localhost:3000/saml/receive_response" isDefault="true"/>
-    </md:SPSSODescriptor>
-  </md:EntityDescriptor>
-
-Set up an intializer in config/initializers/saml_config.rb:
-  Saml.setup do |config|
-    config.register_store :file, Saml::ProviderStores::File.new("config/metadata", "config/ssl/key.pem"), default: true
-  end
-
-By default this will use a SamlProvider model that uses the filestore, if you want a database driven model comment out the #provider_store function in the initializer and make a model that defines #find_by_entity_id:
-  class SamlProvider < ActiveRecord::Base
-    include Saml::Provider
-
-    def self.find_by_entity_id(entity_id)
-      where(entity_id: entity_id).first!
-    end
-  end
-
-
-Now you can make a SAML controller in app/controllers/saml_controller.rb:
-  class SamlController < ApplicationController
-    extend Saml::Rails::ControllerHelper
-    current_provider "entity_id"
-
-    def request_authentication
-      provider = Saml.provider("my:very:original:entityid")
-      destination = provider.single_sign_on_service_url(Saml::ProtocolBindings::HTTP_POST)
-
-      authn_request = Saml::AuthnRequest.new(:destination => destination)
-
-      @saml_attributes = Saml::Bindings::HTTPPost.create_form_attributes(authn_request)
-
-      render text: @saml_attributes.to_yaml
-    end
-
-    def receive_response
-    end
-  end
-
-Don't forget to define the routes in config/routes.rb:
-  get "/saml/request_authentication" => "saml#request_authentication"
-  get "/saml/receive_response" => "saml#receive_response"
-
-= Contributing
-- Fork the project
-- Contribute your changes. Please make sure your changes are properly documented and covered by tests.
-- Send a pull request