libsaml 3.8.0 → 3.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/saml/elements/encrypted_attribute.rb +1 -19
- data/lib/saml/elements/encrypted_id.rb +8 -32
- data/lib/saml/util.rb +26 -0
- data/lib/saml/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2426d8b0b8d15224e07684bf9137716eefaeacf012f34b96c749bc8a61773efc
|
|
4
|
+
data.tar.gz: 8f3ff2560d4a89cb82c03148fbe6876bddaf29976a2a6932e703aea3c688e834
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3629c58577294a0c7945a3641161ea4c22edd7f996c74d412812e72ae9990881c1dd1e4344282c98c68f1c6150a41f475bd908e605315d12d2fa055a6e815f4a
|
|
7
|
+
data.tar.gz: 9c5ff0253ccd9d6964acc28e4b4bdb6eff2e2920c7299043dd1ef2b9eb8713018d6d2646c279fb8f334304686f81f442bb0c3a4ed43e1392d93cd614ef7cf943
|
|
@@ -15,27 +15,9 @@ module Saml
|
|
|
15
15
|
validates :encrypted_data, presence: true
|
|
16
16
|
|
|
17
17
|
def encrypt(attribute, encrypted_key_data, encrypted_data_options = {})
|
|
18
|
-
self
|
|
19
|
-
self.encrypted_data.set_encryption_method algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
|
|
20
|
-
self.encrypted_data.set_key_name key_name
|
|
21
|
-
|
|
22
|
-
encrypted_key_data.each do |key_descriptor, key_options|
|
|
23
|
-
encrypted_key = self.encrypted_data.encrypt Nokogiri::XML(attribute.to_xml).root.to_xml, key_options
|
|
24
|
-
encrypted_key.set_encryption_method algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p', digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1'
|
|
25
|
-
encrypted_key.set_key_name key_descriptor.key_info.key_name
|
|
26
|
-
encrypted_key.carried_key_name = key_name
|
|
27
|
-
encrypted_key.encrypt key_descriptor.certificate.public_key
|
|
28
|
-
|
|
29
|
-
self.encrypted_keys ||= []
|
|
30
|
-
self.encrypted_keys << encrypted_key
|
|
31
|
-
end
|
|
18
|
+
Saml::Util.encrypt_element(self, attribute, encrypted_key_data, encrypted_data_options)
|
|
32
19
|
end
|
|
33
20
|
|
|
34
|
-
private
|
|
35
|
-
|
|
36
|
-
def key_name
|
|
37
|
-
@key_name ||= Saml.generate_id
|
|
38
|
-
end
|
|
39
21
|
end
|
|
40
22
|
end
|
|
41
23
|
end
|
|
@@ -47,7 +47,7 @@ module Saml
|
|
|
47
47
|
algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
|
|
48
48
|
)
|
|
49
49
|
|
|
50
|
-
encrypted_key = self.encrypted_data.encrypt(
|
|
50
|
+
encrypted_key = self.encrypted_data.encrypt(Nokogiri::XML(name_id.to_xml).root.to_xml, key_options)
|
|
51
51
|
encrypted_key.set_encryption_method(
|
|
52
52
|
algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
|
|
53
53
|
digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1'
|
|
@@ -60,42 +60,18 @@ module Saml
|
|
|
60
60
|
self.name_id = nil
|
|
61
61
|
end
|
|
62
62
|
|
|
63
|
-
def encrypt_for_multiple_key_descriptors(
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
self.encrypted_data.set_key_name key_name
|
|
69
|
-
self.encrypted_data.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc')
|
|
70
|
-
|
|
71
|
-
original_encrypted_key = self.encrypted_data.encrypt(name_id_xml, key_options)
|
|
72
|
-
|
|
73
|
-
key_descriptors.each do |key_descriptor|
|
|
74
|
-
encrypted_key_options = key_options.merge(
|
|
75
|
-
id: "_#{SecureRandom.uuid}",
|
|
76
|
-
data: original_encrypted_key.data,
|
|
77
|
-
carried_key_name: key_name
|
|
78
|
-
)
|
|
79
|
-
|
|
80
|
-
encrypted_key = Xmlenc::Builder::EncryptedKey.new(encrypted_key_options)
|
|
81
|
-
encrypted_key.add_data_reference(self.encrypted_data.id)
|
|
82
|
-
encrypted_key.set_key_name(key_descriptor.key_info.key_name)
|
|
83
|
-
encrypted_key.set_encryption_method(
|
|
84
|
-
algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
|
|
85
|
-
digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1'
|
|
86
|
-
)
|
|
87
|
-
encrypted_key.encrypt(key_descriptor.certificate.public_key)
|
|
88
|
-
|
|
89
|
-
encrypted_keys << encrypted_key
|
|
63
|
+
def encrypt_for_multiple_key_descriptors(encrypted_key_data, encrypted_data_options = {})
|
|
64
|
+
if encrypted_data_options[:recipient].present? && encrypted_key_data.first.is_a?(Saml::Elements::KeyDescriptor)
|
|
65
|
+
encrypted_key_data.map! do |key_descriptor|
|
|
66
|
+
[ key_descriptor, { recipient: encrypted_data_options[:recipient] } ]
|
|
67
|
+
end
|
|
90
68
|
end
|
|
91
69
|
|
|
92
|
-
self
|
|
70
|
+
Saml::Util.encrypt_element(self, name_id, encrypted_key_data, encrypted_data_options)
|
|
71
|
+
|
|
93
72
|
self.name_id = nil
|
|
94
73
|
end
|
|
95
74
|
|
|
96
|
-
def name_id_xml
|
|
97
|
-
Nokogiri::XML(name_id.to_xml).root.to_xml
|
|
98
|
-
end
|
|
99
75
|
end
|
|
100
76
|
end
|
|
101
77
|
end
|
data/lib/saml/util.rb
CHANGED
|
@@ -98,6 +98,32 @@ module Saml
|
|
|
98
98
|
Saml::Assertion.parse(encrypted_document.decrypt(private_key), single: true)
|
|
99
99
|
end
|
|
100
100
|
|
|
101
|
+
def encrypt_element(element, target_element, encrypted_key_data, encrypted_data_options)
|
|
102
|
+
key_name = encrypted_data_options.fetch(:key_name, Saml.generate_id)
|
|
103
|
+
|
|
104
|
+
element.encrypted_data = Xmlenc::Builder::EncryptedData.new(encrypted_data_options)
|
|
105
|
+
element.encrypted_data.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc')
|
|
106
|
+
element.encrypted_data.set_key_name key_name
|
|
107
|
+
|
|
108
|
+
original_encrypted_key = element.encrypted_data.encrypt(Nokogiri::XML(target_element.to_xml).root.to_xml, encrypted_data_options)
|
|
109
|
+
|
|
110
|
+
encrypted_key_data.each do |key_descriptor, key_options = {}|
|
|
111
|
+
encrypted_key_options = key_options.merge(id: Saml.generate_id, data: original_encrypted_key.data)
|
|
112
|
+
|
|
113
|
+
encrypted_key = Xmlenc::Builder::EncryptedKey.new(encrypted_key_options)
|
|
114
|
+
encrypted_key.add_data_reference(element.encrypted_data.id)
|
|
115
|
+
encrypted_key.set_key_name(key_descriptor.key_info.key_name)
|
|
116
|
+
encrypted_key.carried_key_name = key_name
|
|
117
|
+
encrypted_key.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p', digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1')
|
|
118
|
+
encrypted_key.encrypt(key_descriptor.certificate.public_key)
|
|
119
|
+
|
|
120
|
+
element.encrypted_keys ||= []
|
|
121
|
+
element.encrypted_keys << encrypted_key
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
element
|
|
125
|
+
end
|
|
126
|
+
|
|
101
127
|
def encrypt_name_id(name_id, key_descriptor, key_options = {})
|
|
102
128
|
encrypted_id = Saml::Elements::EncryptedID.new(name_id: name_id)
|
|
103
129
|
encrypt_encrypted_id(encrypted_id, key_descriptor, key_options)
|
data/lib/saml/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: libsaml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.9.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Benoist Claassen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-04-
|
|
11
|
+
date: 2020-04-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|