saml-kit 0.3.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/exe/saml-kit-create-self-signed-certificate +1 -1
- data/exe/saml-kit-decode-http-post +1 -3
- data/exe/saml-kit-decode-http-redirect +2 -3
- data/lib/saml/kit.rb +1 -14
- data/lib/saml/kit/assertion.rb +14 -11
- data/lib/saml/kit/bindings/url_builder.rb +1 -1
- data/lib/saml/kit/builders.rb +2 -2
- data/lib/saml/kit/builders/assertion.rb +3 -2
- data/lib/saml/kit/builders/authentication_request.rb +3 -2
- data/lib/saml/kit/builders/encrypted_assertion.rb +20 -0
- data/lib/saml/kit/builders/identity_provider_metadata.rb +4 -3
- data/lib/saml/kit/builders/logout_request.rb +3 -2
- data/lib/saml/kit/builders/logout_response.rb +3 -2
- data/lib/saml/kit/builders/metadata.rb +4 -3
- data/lib/saml/kit/builders/response.rb +14 -5
- data/lib/saml/kit/builders/service_provider_metadata.rb +2 -1
- data/lib/saml/kit/builders/templates/assertion.builder +21 -23
- data/lib/saml/kit/builders/templates/encrypted_assertion.builder +5 -0
- data/lib/saml/kit/configuration.rb +2 -2
- data/lib/saml/kit/document.rb +11 -1
- data/lib/saml/kit/metadata.rb +13 -6
- data/lib/saml/kit/namespaces.rb +0 -11
- data/lib/saml/kit/signature.rb +1 -1
- data/lib/saml/kit/trustable.rb +7 -1
- data/lib/saml/kit/version.rb +1 -1
- data/lib/saml/kit/xml_templatable.rb +37 -0
- data/saml-kit.gemspec +1 -3
- metadata +10 -56
- data/lib/saml/kit/builders/templates/certificate.builder +0 -7
- data/lib/saml/kit/builders/templates/nil_class.builder +0 -0
- data/lib/saml/kit/builders/templates/xml_encryption.builder +0 -16
- data/lib/saml/kit/builders/templates/xml_signature.builder +0 -20
- data/lib/saml/kit/builders/xml_encryption.rb +0 -20
- data/lib/saml/kit/builders/xml_signature.rb +0 -40
- data/lib/saml/kit/certificate.rb +0 -96
- data/lib/saml/kit/crypto.rb +0 -17
- data/lib/saml/kit/crypto/oaep_cipher.rb +0 -22
- data/lib/saml/kit/crypto/rsa_cipher.rb +0 -23
- data/lib/saml/kit/crypto/simple_cipher.rb +0 -38
- data/lib/saml/kit/crypto/unknown_cipher.rb +0 -18
- data/lib/saml/kit/fingerprint.rb +0 -50
- data/lib/saml/kit/id.rb +0 -14
- data/lib/saml/kit/key_pair.rb +0 -29
- data/lib/saml/kit/self_signed_certificate.rb +0 -28
- data/lib/saml/kit/signatures.rb +0 -57
- data/lib/saml/kit/templatable.rb +0 -67
- data/lib/saml/kit/template.rb +0 -33
- data/lib/saml/kit/xml.rb +0 -80
- data/lib/saml/kit/xml_decryption.rb +0 -44
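--- a/data/lib/saml/kit/metadata.rb
+++ b/data/lib/saml/kit/metadata.rb
@@ -24,6 +24,13 @@ module Saml
 # {include:file:spec/examples/metadata_spec.rb}
 class Metadata
 METADATA_XSD = File.expand_path("./xsd/saml-schema-metadata-2.0.xsd", File.dirname(__FILE__)).freeze
+NAMESPACES = {
+"NameFormat": Namespaces::ATTR_SPLAT,
+"ds": ::Xml::Kit::Namespaces::XMLDSIG,
+"md": Namespaces::METADATA,
+"saml": Namespaces::ASSERTION,
+"samlp": Namespaces::PROTOCOL,
+}.freeze
 include ActiveModel::Validations
 include XsdValidatable
 include Translatable
@@ -69,8 +76,8 @@ module Saml
 # Returns each of the X509 certificates.
 def certificates
 @certificates ||= document.find_all("/md:EntityDescriptor/md:#{name}/md:KeyDescriptor").map do |item|
-cert = item.at_xpath("./ds:KeyInfo/ds:X509Data/ds:X509Certificate",
-Certificate.new(cert, use: item.attribute('use').value.to_sym)
+cert = item.at_xpath("./ds:KeyInfo/ds:X509Data/ds:X509Certificate", NAMESPACES).text
+::Xml::Kit::Certificate.new(cert, use: item.attribute('use').value.to_sym)
 end
 end
 
@@ -134,7 +141,7 @@ module Saml
 #
 # @param fingerprint [Saml::Kit::Fingerprint] the fingerprint to search for.
 # @param use [Symbol] the type of certificates to look at. Can be `:signing` or `:encryption`.
-# @return [
+# @return [Xml::Kit::Certificate] returns the matching `{Xml::Kit::Certificate}`
 def matches?(fingerprint, use: :signing)
 certificates.find do |certificate|
 certificate.for?(use) && certificate.fingerprint == fingerprint
@@ -163,7 +170,7 @@ module Saml
 # @param algorithm [OpenSSL::Digest] the digest algorithm to use. E.g. `OpenSSL::Digest::SHA256`
 # @param signature [String] the signature to verify
 # @param data [String] the data that is used to produce the signature.
-# @return [
+# @return [Xml::Kit::Certificate] the certificate that was used to produce the signature.
 def verify(algorithm, signature, data)
 signing_certificates.find do |certificate|
 certificate.public_key.verify(algorithm, signature, data)
@@ -196,7 +203,7 @@ module Saml
 attr_reader :xml
 
 def document
-@document ||= Xml.new(xml)
+@document ||= ::Xml::Kit::Document.new(xml, namespaces: NAMESPACES)
 end
 
 def metadata
@@ -220,7 +227,7 @@ module Saml
 end
 
 def valid_signature?
-xml =
+xml = document
 result = xml.valid?
 xml.errors.each do |error|
 errors[:base] << error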
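--- a/data/lib/saml/kit/namespaces.rb
+++ b/data/lib/saml/kit/namespaces.rb
@@ -6,7 +6,6 @@ module Saml
 BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
 BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
 EMAIL_ADDRESS = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
-ENVELOPED_SIG = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
 METADATA = "urn:oasis:names:tc:SAML:2.0:metadata"
 PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
 PASSWORD_PROTECTED = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
@@ -14,22 +13,12 @@ module Saml
 PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
 REQUESTER_ERROR = "urn:oasis:names:tc:SAML:2.0:status:Requester"
 RESPONDER_ERROR = "urn:oasis:names:tc:SAML:2.0:status:Responder"
-RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
-RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
-RSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"
-RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
-SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
-SHA256 = 'http://www.w3.org/2001/04/xmlenc#sha256'
-SHA384 = "http://www.w3.org/2001/04/xmldsig-more#sha384"
-SHA512 = 'http://www.w3.org/2001/04/xmlenc#sha512'
 SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
 TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
 UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:consent:unspecified"
 UNSPECIFIED_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
 URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
 VERSION_MISMATCH_ERROR = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch"
-XMLDSIG = "http://www.w3.org/2000/09/xmldsig#"
-XMLENC = "http://www.w3.org/2001/04/xmlenc#"
 end
 end
 end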
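--- a/data/lib/saml/kit/signature.rb
+++ b/data/lib/saml/kit/signature.rb
@@ -9,7 +9,7 @@ module Saml
 def certificate
 value = to_h.fetch('KeyInfo', {}).fetch('X509Data', {}).fetch('X509Certificate', nil)
 return if value.nil?
-
+::Xml::Kit::Certificate.new(value, use: :signing)
 end
 
 # Returns true when the fingerprint of the certificate matches one of the certificates registered in the metadata.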
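--- a/data/lib/saml/kit/trustable.rb
+++ b/data/lib/saml/kit/trustable.rb
@@ -44,7 +44,13 @@ module Saml
 def must_have_valid_signature
 return if to_xml.blank?
 
-xml =
+xml = ::Xml::Kit::Document.new(to_xml, namespaces: {
+"NameFormat": Namespaces::ATTR_SPLAT,
+"ds": ::Xml::Kit::Namespaces::XMLDSIG,
+"md": Namespaces::METADATA,
+"saml": Namespaces::ASSERTION,
+"samlp": Namespaces::PROTOCOL,
+})
 xml.valid?
 xml.errors.each do |error|
 errors[:base] << error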
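--- a/data/lib/saml/kit/xml_templatable.rb
+++ b/data/lib/saml/kit/xml_templatable.rb
@@ -0,0 +1,37 @@
+module Saml
+module Kit
+module XmlTemplatable
+include ::Xml::Kit::Templatable
+
+def template_path
+root_path = File.expand_path(File.dirname(__FILE__))
+template_name = "#{self.class.name.split("::").last.underscore}.builder"
+File.join(root_path, "builders/templates/", template_name)
+end
+
+# Returns true if an embedded signature is requested and at least one signing certificate is available via the configuration.
+def sign?
+return configuration.sign? if embed_signature.nil?
+embed_signature && configuration.sign?
+end
+
+# @deprecated Use {#embed_signature=} instead of this method.
+def sign=(value)
+Saml::Kit.deprecate("sign= is deprecated. Use embed_signature= instead.")
+self.embed_signature = value
+end
+
+def digest_method
+configuration.digest_method
+end
+
+def signature_method
+configuration.signature_method
+end
+
+def signing_key_pair
+configuration.key_pairs(use: :signing).last
+end
+end
+end
+end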
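--- a/data/saml-kit.gemspec
+++ b/data/saml-kit.gemspec
@@ -24,10 +24,8 @@ Gem::Specification.new do |spec|
 spec.require_paths = ["lib"]
 
 spec.add_dependency "activemodel", ">= 4.2.0"
-spec.add_dependency "builder", "~> 3.2"
 spec.add_dependency "nokogiri", "~> 1.8"
-spec.add_dependency "
-spec.add_dependency "xmldsig", "~> 0.6"
+spec.add_dependency "xml-kit", "0.1.0"
 spec.add_development_dependency "bundler", "~> 1.15"
 spec.add_development_dependency "ffaker", "~> 2.7"
 spec.add_development_dependency "rake", "~> 10.0"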
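--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: saml-kit
 version: !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.1
 platform: ruby
 authors:
 - mo khan
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-12-
+date: 2017-12-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activemodel
@@ -24,20 +24,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 4.2.0
-- !ruby/object:Gem::Dependency
-name: builder
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.2'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.2'
 - !ruby/object:Gem::Dependency
 name: nokogiri
 requirement: !ruby/object:Gem::Requirement
@@ -53,33 +39,19 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '1.8'
 - !ruby/object:Gem::Dependency
-name:
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '2.0'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '2.0'
-- !ruby/object:Gem::Dependency
-name: xmldsig
+name: xml-kit
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 0.1.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 0.1.0
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
@@ -199,6 +171,7 @@ files:
 - lib/saml/kit/builders.rb
 - lib/saml/kit/builders/assertion.rb
 - lib/saml/kit/builders/authentication_request.rb
+- lib/saml/kit/builders/encrypted_assertion.rb
 - lib/saml/kit/builders/identity_provider_metadata.rb
 - lib/saml/kit/builders/logout_request.rb
 - lib/saml/kit/builders/logout_response.rb
@@ -207,33 +180,19 @@ files:
 - lib/saml/kit/builders/service_provider_metadata.rb
 - lib/saml/kit/builders/templates/assertion.builder
 - lib/saml/kit/builders/templates/authentication_request.builder
-- lib/saml/kit/builders/templates/
+- lib/saml/kit/builders/templates/encrypted_assertion.builder
 - lib/saml/kit/builders/templates/identity_provider_metadata.builder
 - lib/saml/kit/builders/templates/logout_request.builder
 - lib/saml/kit/builders/templates/logout_response.builder
 - lib/saml/kit/builders/templates/metadata.builder
-- lib/saml/kit/builders/templates/nil_class.builder
 - lib/saml/kit/builders/templates/response.builder
 - lib/saml/kit/builders/templates/service_provider_metadata.builder
-- lib/saml/kit/builders/templates/xml_encryption.builder
-- lib/saml/kit/builders/templates/xml_signature.builder
-- lib/saml/kit/builders/xml_encryption.rb
-- lib/saml/kit/builders/xml_signature.rb
-- lib/saml/kit/certificate.rb
 - lib/saml/kit/composite_metadata.rb
 - lib/saml/kit/configuration.rb
-- lib/saml/kit/crypto.rb
-- lib/saml/kit/crypto/oaep_cipher.rb
-- lib/saml/kit/crypto/rsa_cipher.rb
-- lib/saml/kit/crypto/simple_cipher.rb
-- lib/saml/kit/crypto/unknown_cipher.rb
 - lib/saml/kit/default_registry.rb
 - lib/saml/kit/document.rb
-- lib/saml/kit/fingerprint.rb
-- lib/saml/kit/id.rb
 - lib/saml/kit/identity_provider_metadata.rb
 - lib/saml/kit/invalid_document.rb
-- lib/saml/kit/key_pair.rb
 - lib/saml/kit/locales/en.yml
 - lib/saml/kit/logout_request.rb
 - lib/saml/kit/logout_response.rb
@@ -242,18 +201,13 @@ files:
 - lib/saml/kit/requestable.rb
 - lib/saml/kit/respondable.rb
 - lib/saml/kit/response.rb
-- lib/saml/kit/self_signed_certificate.rb
 - lib/saml/kit/serializable.rb
 - lib/saml/kit/service_provider_metadata.rb
 - lib/saml/kit/signature.rb
-- lib/saml/kit/signatures.rb
-- lib/saml/kit/templatable.rb
-- lib/saml/kit/template.rb
 - lib/saml/kit/translatable.rb
 - lib/saml/kit/trustable.rb
 - lib/saml/kit/version.rb
-- lib/saml/kit/
-- lib/saml/kit/xml_decryption.rb
+- lib/saml/kit/xml_templatable.rb
 - lib/saml/kit/xsd/MetadataExchange.xsd
 - lib/saml/kit/xsd/oasis-200401-wss-wssecurity-secext-1.0.xsd
 - lib/saml/kit/xsd/oasis-200401-wss-wssecurity-utility-1.0.xsd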
File without changes
|
@@ -1,16 +0,0 @@
|
|
1
|
-
xml.EncryptedAssertion xmlns: Saml::Kit::Namespaces::ASSERTION do
|
2
|
-
xml.EncryptedData xmlns: Saml::Kit::Namespaces::XMLENC do
|
3
|
-
xml.EncryptionMethod Algorithm: "http://www.w3.org/2001/04/xmlenc#aes256-cbc"
|
4
|
-
xml.KeyInfo xmlns: Saml::Kit::Namespaces::XMLDSIG do
|
5
|
-
xml.EncryptedKey xmlns: Saml::Kit::Namespaces::XMLENC do
|
6
|
-
xml.EncryptionMethod Algorithm: "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
|
7
|
-
xml.CipherData do
|
8
|
-
xml.CipherValue Base64.encode64(public_key.public_encrypt(key))
|
9
|
-
end
|
10
|
-
end
|
11
|
-
end
|
12
|
-
xml.CipherData do
|
13
|
-
xml.CipherValue Base64.encode64(iv + encrypted)
|
14
|
-
end
|
15
|
-
end
|
16
|
-
end
|
@@ -1,20 +0,0 @@
|
|
1
|
-
xml.Signature "xmlns" => Saml::Kit::Namespaces::XMLDSIG do
|
2
|
-
xml.SignedInfo do
|
3
|
-
xml.CanonicalizationMethod Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#"
|
4
|
-
xml.SignatureMethod Algorithm: signature_method
|
5
|
-
xml.Reference URI: "##{reference_id}" do
|
6
|
-
xml.Transforms do
|
7
|
-
xml.Transform Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
|
8
|
-
xml.Transform Algorithm: "http://www.w3.org/2001/10/xml-exc-c14n#"
|
9
|
-
end
|
10
|
-
xml.DigestMethod Algorithm: digest_method
|
11
|
-
xml.DigestValue ""
|
12
|
-
end
|
13
|
-
end
|
14
|
-
xml.SignatureValue ""
|
15
|
-
xml.KeyInfo do
|
16
|
-
xml.X509Data do
|
17
|
-
xml.X509Certificate certificate.stripped
|
18
|
-
end
|
19
|
-
end
|
20
|
-
end
|
@@ -1,20 +0,0 @@
|
|
1
|
-
module Saml
|
2
|
-
module Kit
|
3
|
-
module Builders
|
4
|
-
class XmlEncryption
|
5
|
-
attr_reader :public_key
|
6
|
-
attr_reader :key, :iv, :encrypted
|
7
|
-
|
8
|
-
def initialize(raw_xml, public_key)
|
9
|
-
@public_key = public_key
|
10
|
-
cipher = OpenSSL::Cipher.new('AES-256-CBC')
|
11
|
-
cipher.encrypt
|
12
|
-
@key = cipher.random_key
|
13
|
-
@iv = cipher.random_iv
|
14
|
-
@encrypted = cipher.update(raw_xml) + cipher.final
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|
18
|
-
end
|
19
|
-
end
|
20
|
-
|
@@ -1,40 +0,0 @@
|
|
1
|
-
module Saml
|
2
|
-
module Kit
|
3
|
-
module Builders
|
4
|
-
class XmlSignature
|
5
|
-
SIGNATURE_METHODS = {
|
6
|
-
SHA1: "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
|
7
|
-
SHA224: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224",
|
8
|
-
SHA256: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
|
9
|
-
SHA384: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
|
10
|
-
SHA512: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
|
11
|
-
}.freeze
|
12
|
-
DIGEST_METHODS = {
|
13
|
-
SHA1: "http://www.w3.org/2000/09/xmldsig#SHA1",
|
14
|
-
SHA224: "http://www.w3.org/2001/04/xmldsig-more#sha224",
|
15
|
-
SHA256: "http://www.w3.org/2001/04/xmlenc#sha256",
|
16
|
-
SHA384: "http://www.w3.org/2001/04/xmldsig-more#sha384",
|
17
|
-
SHA512: "http://www.w3.org/2001/04/xmlenc#sha512",
|
18
|
-
}.freeze
|
19
|
-
|
20
|
-
attr_reader :embed_signature, :configuration
|
21
|
-
attr_reader :reference_id
|
22
|
-
attr_reader :certificate
|
23
|
-
|
24
|
-
def initialize(reference_id, configuration:, certificate: )
|
25
|
-
@configuration = configuration
|
26
|
-
@reference_id = reference_id
|
27
|
-
@certificate = certificate
|
28
|
-
end
|
29
|
-
|
30
|
-
def signature_method
|
31
|
-
SIGNATURE_METHODS[configuration.signature_method]
|
32
|
-
end
|
33
|
-
|
34
|
-
def digest_method
|
35
|
-
DIGEST_METHODS[configuration.digest_method]
|
36
|
-
end
|
37
|
-
end
|
38
|
-
end
|
39
|
-
end
|
40
|
-
end
|
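--- a/data/lib/saml/kit/certificate.rb
+++ b/data/lib/saml/kit/certificate.rb
@@ -1,96 +0,0 @@
-module Saml
-module Kit
-# {include:file:spec/saml/certificate_spec.rb}
-class Certificate
-BEGIN_CERT=/-----BEGIN CERTIFICATE-----/
-END_CERT=/-----END CERTIFICATE-----/
-# The use can be `:signing` or `:encryption`
-attr_reader :use
-
-def initialize(value, use:)
-@value = value
-@use = use.downcase.to_sym
-end
-
-# @return [Saml::Kit::Fingerprint] the certificate fingerprint.
-def fingerprint
-Fingerprint.new(value)
-end
-
-# Returns true if this certificate is for the specified use.
-#
-# @param use [Symbol] `:signing` or `:encryption`.
-# @return [Boolean] true or false.
-def for?(use)
-self.use == use.to_sym
-end
-
-# Returns true if this certificate is used for encryption.
-#
-# return [Boolean] true or false.
-def encryption?
-for?(:encryption)
-end
-
-# Returns true if this certificate is used for signing.
-#
-# return [Boolean] true or false.
-def signing?
-for?(:signing)
-end
-
-# Returns the x509 form.
-#
-# return [OpenSSL::X509::Certificate] the OpenSSL equivalent.
-def x509
-self.class.to_x509(value)
-end
-
-# Returns the public key.
-#
-# @return [OpenSSL::PKey::RSA] the RSA public key.
-def public_key
-x509.public_key
-end
-
-def ==(other)
-self.fingerprint == other.fingerprint
-end
-
-def eql?(other)
-self == other
-end
-
-def hash
-value.hash
-end
-
-def to_s
-value
-end
-
-def to_h
-{ use: @use, fingerprint: fingerprint.to_s }
-end
-
-def inspect
-to_h.inspect
-end
-
-def stripped
-value.to_s.gsub(BEGIN_CERT, '').gsub(END_CERT, '').gsub(/\n/, '')
-end
-
-def self.to_x509(value)
-OpenSSL::X509::Certificate.new(Base64.decode64(value))
-rescue OpenSSL::X509::CertificateError => error
-Saml::Kit.logger.warn(error)
-OpenSSL::X509::Certificate.new(value)
-end
-
-private
-
-attr_reader :value
-end
-end
-end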