omniauth-suomifi 0.1.0

data/lib/omniauth-suomifi/test/utility.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module Suomifi
+    module Test
+      class Utility
+        def self.inflate_xml(encoded_deflated_xml)
+          deflated_xml = Base64.decode64(encoded_deflated_xml)
+          Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(deflated_xml)
+        end
+
+        def self.encrypted_signed_xml(raw_xml_file, opts)
+          xml_source = XmlEncryptor.encrypted_xml(
+            raw_xml_file,
+            opts[:certificate],
+            opts[:sign_certificate],
+            opts[:sign_private_key]
+          )
+          sign_xml_element(
+            xml_source,
+            opts[:sign_certificate],
+            opts[:sign_private_key]
+          )
+        end
+
+        def self.encrypted_signed_xml_from_string(raw_xml, opts)
+          xml_source = XmlEncryptor.encrypted_xml_from_string(
+            raw_xml,
+            opts[:certificate],
+            opts[:sign_certificate],
+            opts[:sign_private_key]
+          )
+          sign_xml_element(
+            xml_source,
+            opts[:sign_certificate],
+            opts[:sign_private_key]
+          )
+        end
+
+        def self.sign_xml_element(element, sign_certificate, sign_key)
+          doc = XMLSecurity::Document.new(element)
+          doc.sign_document(
+            sign_key,
+            sign_certificate,
+            XMLSecurity::Document::RSA_SHA256,
+            XMLSecurity::Document::SHA256
+          )
+          # Move the signature to the correct position, otherwise schema
+          # validation does not work because the internal logic of ruby-saml
+          # cannot handle custom element names (saml2:Issuer instead of
+          # saml:Issuer).
+          signature = doc.delete_element('//ds:Signature')
+          issuer = doc.elements['//saml2:Issuer']
+          doc.root.insert_after(issuer, signature)
+
+          doc.to_s
+        end
+
+        def self.template_filepath(filename)
+          File.expand_path(File.join('templates', filename), __dir__)
+        end
+      end
+    end
+  end
+end

data/lib/omniauth-suomifi/test/xml_encryptor.rb

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+require 'xmlenc'
+
+module OmniAuth
+  module Suomifi
+    module Test
+      class XmlEncryptor
+        attr_reader :certificate, :sign_certificate, :sign_key
+
+        def initialize(opts)
+          @certificate = opts[:encryption_certificate]
+          @sign_certificate = opts[:sign_certificate]
+          @sign_key = opts[:sign_key]
+        end
+
+        def encrypt(raw_xml)
+          doc = XMLSecurity::Document.new(raw_xml)
+          assertion = doc.delete_element('//saml2:Assertion')
+          return doc.to_s unless assertion
+
+          assertion_signed = Utility.sign_xml_element(assertion.to_s, sign_certificate, sign_key)
+
+          encrypted = doc.root.add_element(
+            'saml2:EncryptedAssertion',
+            'xmlns:saml2' => 'urn:oasis:names:tc:SAML:2.0:assertion'
+          )
+          encrypted.add_element(
+            REXML::Document.new(encrypted_node_for(assertion_signed))
+          )
+
+          doc.to_s
+        end
+
+        def self.encrypted_xml(raw_xml_file, cert, sign_cert, sign_key)
+          raw_xml = IO.read(raw_xml_file)
+          encrypted_xml_from_string(raw_xml, cert, sign_cert, sign_key)
+        end
+
+        def self.encrypted_xml_from_string(raw_xml, cert, sign_cert, sign_key)
+          enc = new(
+            encryption_certificate: cert,
+            sign_certificate: sign_cert,
+            sign_key: sign_key
+          )
+
+          enc.encrypt(raw_xml)
+        end
+
+      private
+
+        def encryption_template
+          template_path = Utility.template_filepath(
+            'encrypted_data_template.xml'
+          )
+          template_io = IO.read(template_path)
+
+          Nokogiri::XML::Document.parse(template_io).root
+        end
+
+        def encrypted_node_for(raw_xml)
+          enc_tpl = encryption_template
+
+          cert_node = enc_tpl.at_xpath(
+            '//ds:KeyInfo/xenc:EncryptedKey/ds:KeyInfo/ds:X509Data/ds:X509Certificate',
+            Xmlenc::NAMESPACES
+          )
+          cert_node.content = certificate_string
+          encrypted_data = Xmlenc::EncryptedData.new(enc_tpl)
+          encryption_key = encrypted_data.encrypt(raw_xml)
+          encrypted_key_node = encrypted_data.node.at_xpath(
+            '//xenc:EncryptedData/ds:KeyInfo/xenc:EncryptedKey',
+            Xmlenc::NAMESPACES
+          )
+          encrypted_key = Xmlenc::EncryptedKey.new(encrypted_key_node)
+          encrypted_key.encrypt(certificate.public_key, encryption_key)
+
+          encrypted_data.node.to_s
+        end
+
+        def certificate_string
+          certificate.to_pem.gsub(
+            /-----((BEGIN CERTIFICATE)|(END CERTIFICATE))-----\n/,
+            ''
+          ).strip
+        end
+      end
+    end
+  end
+end

data/lib/omniauth-suomifi/test.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require_relative 'test/certificate_generator'
+require_relative 'test/utility'
+require_relative 'test/xml_encryptor'
+
+module OmniAuth
+  module Suomifi
+    module Test
+    end
+  end
+end

data/lib/omniauth-suomifi/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module Suomifi
+    VERSION = '0.1.0'
+  end
+end

data/lib/omniauth-suomifi.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+require 'omniauth-suomifi/version'
+require 'omniauth/strategies/suomifi'

metadata

@@ -0,0 +1,158 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-suomifi
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Antti Hukkanen
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-08-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-saml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.10.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.10.1
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.6.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.6.2
+- !ruby/object:Gem::Dependency
+  name: xmlenc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.1
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.16.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.16.0
+description: Suomi.fi e-Identification service integration for OmniAuth.
+email:
+- antti.hukkanen@mainiotech.fi
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- Rakefile
+- lib/omniauth-suomifi.rb
+- lib/omniauth-suomifi/test.rb
+- lib/omniauth-suomifi/test/certificate_generator.rb
+- lib/omniauth-suomifi/test/templates/encrypted_data_template.xml
+- lib/omniauth-suomifi/test/utility.rb
+- lib/omniauth-suomifi/test/xml_encryptor.rb
+- lib/omniauth-suomifi/version.rb
+- lib/omniauth/strategies/suomifi.rb
+homepage: https://github.com/mainio/omniauth-suomifi
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Provides a Suomi.fi strategy for OmniAuth.
+test_files: []