libsaml 3.8.0 → 3.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/saml/elements/encrypted_attribute.rb +1 -19
- data/lib/saml/elements/encrypted_id.rb +8 -32
- data/lib/saml/util.rb +26 -0
- data/lib/saml/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2426d8b0b8d15224e07684bf9137716eefaeacf012f34b96c749bc8a61773efc
|
|
4
|
+
data.tar.gz: 8f3ff2560d4a89cb82c03148fbe6876bddaf29976a2a6932e703aea3c688e834
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3629c58577294a0c7945a3641161ea4c22edd7f996c74d412812e72ae9990881c1dd1e4344282c98c68f1c6150a41f475bd908e605315d12d2fa055a6e815f4a
|
|
7
|
+
data.tar.gz: 9c5ff0253ccd9d6964acc28e4b4bdb6eff2e2920c7299043dd1ef2b9eb8713018d6d2646c279fb8f334304686f81f442bb0c3a4ed43e1392d93cd614ef7cf943
|
|
@@ -15,27 +15,9 @@ module Saml
|
|
|
15
15
|
validates :encrypted_data, presence: true
|
|
16
16
|
|
|
17
17
|
def encrypt(attribute, encrypted_key_data, encrypted_data_options = {})
|
|
18
|
-
self
|
|
19
|
-
self.encrypted_data.set_encryption_method algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
|
|
20
|
-
self.encrypted_data.set_key_name key_name
|
|
21
|
-
|
|
22
|
-
encrypted_key_data.each do |key_descriptor, key_options|
|
|
23
|
-
encrypted_key = self.encrypted_data.encrypt Nokogiri::XML(attribute.to_xml).root.to_xml, key_options
|
|
24
|
-
encrypted_key.set_encryption_method algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p', digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1'
|
|
25
|
-
encrypted_key.set_key_name key_descriptor.key_info.key_name
|
|
26
|
-
encrypted_key.carried_key_name = key_name
|
|
27
|
-
encrypted_key.encrypt key_descriptor.certificate.public_key
|
|
28
|
-
|
|
29
|
-
self.encrypted_keys ||= []
|
|
30
|
-
self.encrypted_keys << encrypted_key
|
|
31
|
-
end
|
|
18
|
+
Saml::Util.encrypt_element(self, attribute, encrypted_key_data, encrypted_data_options)
|
|
32
19
|
end
|
|
33
20
|
|
|
34
|
-
private
|
|
35
|
-
|
|
36
|
-
def key_name
|
|
37
|
-
@key_name ||= Saml.generate_id
|
|
38
|
-
end
|
|
39
21
|
end
|
|
40
22
|
end
|
|
41
23
|
end
|
|
@@ -47,7 +47,7 @@ module Saml
|
|
|
47
47
|
algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
|
|
48
48
|
)
|
|
49
49
|
|
|
50
|
-
encrypted_key = self.encrypted_data.encrypt(
|
|
50
|
+
encrypted_key = self.encrypted_data.encrypt(Nokogiri::XML(name_id.to_xml).root.to_xml, key_options)
|
|
51
51
|
encrypted_key.set_encryption_method(
|
|
52
52
|
algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
|
|
53
53
|
digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1'
|
|
@@ -60,42 +60,18 @@ module Saml
|
|
|
60
60
|
self.name_id = nil
|
|
61
61
|
end
|
|
62
62
|
|
|
63
|
-
def encrypt_for_multiple_key_descriptors(
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
self.encrypted_data.set_key_name key_name
|
|
69
|
-
self.encrypted_data.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc')
|
|
70
|
-
|
|
71
|
-
original_encrypted_key = self.encrypted_data.encrypt(name_id_xml, key_options)
|
|
72
|
-
|
|
73
|
-
key_descriptors.each do |key_descriptor|
|
|
74
|
-
encrypted_key_options = key_options.merge(
|
|
75
|
-
id: "_#{SecureRandom.uuid}",
|
|
76
|
-
data: original_encrypted_key.data,
|
|
77
|
-
carried_key_name: key_name
|
|
78
|
-
)
|
|
79
|
-
|
|
80
|
-
encrypted_key = Xmlenc::Builder::EncryptedKey.new(encrypted_key_options)
|
|
81
|
-
encrypted_key.add_data_reference(self.encrypted_data.id)
|
|
82
|
-
encrypted_key.set_key_name(key_descriptor.key_info.key_name)
|
|
83
|
-
encrypted_key.set_encryption_method(
|
|
84
|
-
algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
|
|
85
|
-
digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1'
|
|
86
|
-
)
|
|
87
|
-
encrypted_key.encrypt(key_descriptor.certificate.public_key)
|
|
88
|
-
|
|
89
|
-
encrypted_keys << encrypted_key
|
|
63
|
+
def encrypt_for_multiple_key_descriptors(encrypted_key_data, encrypted_data_options = {})
|
|
64
|
+
if encrypted_data_options[:recipient].present? && encrypted_key_data.first.is_a?(Saml::Elements::KeyDescriptor)
|
|
65
|
+
encrypted_key_data.map! do |key_descriptor|
|
|
66
|
+
[ key_descriptor, { recipient: encrypted_data_options[:recipient] } ]
|
|
67
|
+
end
|
|
90
68
|
end
|
|
91
69
|
|
|
92
|
-
self
|
|
70
|
+
Saml::Util.encrypt_element(self, name_id, encrypted_key_data, encrypted_data_options)
|
|
71
|
+
|
|
93
72
|
self.name_id = nil
|
|
94
73
|
end
|
|
95
74
|
|
|
96
|
-
def name_id_xml
|
|
97
|
-
Nokogiri::XML(name_id.to_xml).root.to_xml
|
|
98
|
-
end
|
|
99
75
|
end
|
|
100
76
|
end
|
|
101
77
|
end
|
data/lib/saml/util.rb
CHANGED
|
@@ -98,6 +98,32 @@ module Saml
|
|
|
98
98
|
Saml::Assertion.parse(encrypted_document.decrypt(private_key), single: true)
|
|
99
99
|
end
|
|
100
100
|
|
|
101
|
+
def encrypt_element(element, target_element, encrypted_key_data, encrypted_data_options)
|
|
102
|
+
key_name = encrypted_data_options.fetch(:key_name, Saml.generate_id)
|
|
103
|
+
|
|
104
|
+
element.encrypted_data = Xmlenc::Builder::EncryptedData.new(encrypted_data_options)
|
|
105
|
+
element.encrypted_data.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc')
|
|
106
|
+
element.encrypted_data.set_key_name key_name
|
|
107
|
+
|
|
108
|
+
original_encrypted_key = element.encrypted_data.encrypt(Nokogiri::XML(target_element.to_xml).root.to_xml, encrypted_data_options)
|
|
109
|
+
|
|
110
|
+
encrypted_key_data.each do |key_descriptor, key_options = {}|
|
|
111
|
+
encrypted_key_options = key_options.merge(id: Saml.generate_id, data: original_encrypted_key.data)
|
|
112
|
+
|
|
113
|
+
encrypted_key = Xmlenc::Builder::EncryptedKey.new(encrypted_key_options)
|
|
114
|
+
encrypted_key.add_data_reference(element.encrypted_data.id)
|
|
115
|
+
encrypted_key.set_key_name(key_descriptor.key_info.key_name)
|
|
116
|
+
encrypted_key.carried_key_name = key_name
|
|
117
|
+
encrypted_key.set_encryption_method(algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p', digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1')
|
|
118
|
+
encrypted_key.encrypt(key_descriptor.certificate.public_key)
|
|
119
|
+
|
|
120
|
+
element.encrypted_keys ||= []
|
|
121
|
+
element.encrypted_keys << encrypted_key
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
element
|
|
125
|
+
end
|
|
126
|
+
|
|
101
127
|
def encrypt_name_id(name_id, key_descriptor, key_options = {})
|
|
102
128
|
encrypted_id = Saml::Elements::EncryptedID.new(name_id: name_id)
|
|
103
129
|
encrypt_encrypted_id(encrypted_id, key_descriptor, key_options)
|
data/lib/saml/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: libsaml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.9.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Benoist Claassen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-04-
|
|
11
|
+
date: 2020-04-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|