saml-kit 0.2.0 → 0.2.1

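--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: 0ebef3199d5a8a66f49c3c57a2aafb1a4f54149c
-data.tar.gz: 9dce4bab8931cd0fc1aa8b147a461bdaf198328f
+metadata.gz: 0a54e04d0c915cf2ed6df1ffa201fca9abea800e
+data.tar.gz: f38bb36f287bc9f9b7c185eb00b7c87641f99f23
 SHA512:
-metadata.gz: a6f4922d39dd247dd91caa3262ed5cb0119c2f2d245c1609a5fa41bee27742a47845fea3dfe6605d7124030f9e7f844c2029e75d2cafbbf57288ded697fa14fa
-data.tar.gz: 99d7c34ce9fae83d81ce16eec10fd6ef9fd1d70f8d67cfbb412d4be45e59b2f28f2db5818de8c7520756a508c9e973c6598571054bb52cda6b5d57fcf8af2c77
+metadata.gz: 9bf0e3a075afb0fb4b1038b265a39382a3463cf4b4c490d45cd605534341a4b2227fdf09709af556da2b94e25ca0d50fecd440b5e0ff2e68076fd2584010b110
+data.tar.gz: ed750eb4bf73f1f631b83c4b17d2ddb1e15907955ce686b9ddaaa591a27c22a79fcac0b76a86ac3898e7c59b2d23e12616965286de614e1cd2b7f118ffd96f0f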
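--- a/data/.gitlab-ci.yml
+++ b/data/.gitlab-ci.yml
@@ -0,0 +1,15 @@
+image: ruby:2.2
+
+before_script:
+- apt-get update && apt-get install -y locales
+- echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
+- locale-gen
+- export LC_ALL=en_US.UTF-8
+- ruby -v
+- which ruby
+- gem install bundler --no-ri --no-rdoc
+- bundle install --jobs $(nproc) "${FLAGS[@]}"
+
+rspec:
+script:
+- bundle exec rspec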
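Review bot: `"${FLAGS[@]}"` on the `bundle install` line references a bash array that nothing in this file defines; under bash it expands to nothing, but if the runner executes the script with a POSIX `sh` it is a bad-substitution error, so either define `FLAGS` as a CI variable or drop the argument. `image: ruby:2.2` and `gem install bundler --no-ri --no-rdoc` are both unpinned, so two runs of this pipeline can resolve to different interpreter and bundler builds; pinning a digest or version keeps the test environment reproducible.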
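--- a/data/lib/saml/kit.rb
+++ b/data/lib/saml/kit.rb
@@ -23,6 +23,7 @@ require "saml/kit/document"
 
 require "saml/kit/authentication_request"
 require "saml/kit/bindings"
+require "saml/kit/certificate"
 require "saml/kit/configuration"
 require "saml/kit/crypto"
 require "saml/kit/cryptography"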
@@ -0,0 +1,59 @@
1
+ module Saml
2
+ module Kit
3
+ class Certificate
4
+ attr_reader :value, :use
5
+
6
+ def initialize(value, use:)
7
+ @value = value
8
+ @use = use.downcase.to_sym
9
+ end
10
+
11
+ def fingerprint
12
+ Fingerprint.new(value)
13
+ end
14
+
15
+ def for?(use)
16
+ self.use == use.to_sym
17
+ end
18
+
19
+ def encryption?
20
+ :encryption == use
21
+ end
22
+
23
+ def signing?
24
+ :signing == use
25
+ end
26
+
27
+ def x509
28
+ self.class.to_x509(value)
29
+ end
30
+
31
+ def public_key
32
+ x509.public_key
33
+ end
34
+
35
+ def ==(other)
36
+ self.to_s == other.to_s
37
+ end
38
+
39
+ def eql?(other)
40
+ self == other
41
+ end
42
+
43
+ def hash
44
+ value.hash
45
+ end
46
+
47
+ def to_s
48
+ value
49
+ end
50
+
51
+ def self.to_x509(value)
52
+ OpenSSL::X509::Certificate.new(Base64.decode64(value))
53
+ rescue OpenSSL::X509::CertificateError => error
54
+ Saml::Kit.logger.warn(error)
55
+ OpenSSL::X509::Certificate.new(value)
56
+ end
57
+ end
58
+ end
59
+ end
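Review bot: `to_x509` rescues the `CertificateError` from the Base64 attempt only to retry with the raw value unguarded, so a value that is neither base64 DER nor PEM raises `OpenSSL::X509::CertificateError` out of `public_key`, and from there out of `cert.public_key.verify` in the `verify` hunk and out of `encryption_certificates.first.public_key` in the encryption hunk, none of which handle it; since the values reach this class from remote metadata (`<ds:X509Certificate>` text), document that with `# @raise [OpenSSL::X509::CertificateError] when +value+ is neither base64 DER nor PEM` and let those callers decide whether one bad certificate should abort the whole operation. `Base64.decode64` ignores characters outside the alphabet, so a PEM value should always go through the failing first attempt and log a warning before the second one succeeds; checking for the `-----BEGIN` marker before choosing the decode path would avoid a warning on every PEM-configured call. `==` compares `to_s` with any object, so a certificate equals a plain String holding the same text while the reverse comparison is false; `other.is_a?(Certificate) && value == other.value` keeps `==`, `eql?` and `hash` consistent and symmetric. The class carries no documentation; a header comment stating that `value` is the certificate text as written (base64 DER or PEM) and that `use` is normalized to a lowercase symbol such as `:signing` or `:encryption` would help callers.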
@@ -32,11 +32,11 @@ module Saml
32
32
  end
33
33
 
34
34
  def signing_x509
35
- OpenSSL::X509::Certificate.new(signing_certificate_pem)
35
+ Certificate.to_x509(signing_certificate_pem)
36
36
  end
37
37
 
38
38
  def encryption_x509
39
- OpenSSL::X509::Certificate.new(encryption_certificate_pem)
39
+ Certificate.to_x509(encryption_certificate_pem)
40
40
  end
41
41
 
42
42
  def signing_private_key
@@ -4,10 +4,7 @@ module Saml
4
4
  attr_reader :x509
5
5
 
6
6
  def initialize(raw_certificate)
7
- @x509 = OpenSSL::X509::Certificate.new(raw_certificate)
8
- rescue OpenSSL::X509::CertificateError => error
9
- Saml::Kit.logger.warn(error)
10
- @x509 = OpenSSL::X509::Certificate.new(Base64.decode64(raw_certificate))
7
+ @x509 = Certificate.to_x509(raw_certificate)
11
8
  end
12
9
 
13
10
  def algorithm(algorithm)
@@ -62,10 +62,21 @@ module Saml
62
62
  xml.EntityDescriptor entity_descriptor_options do
63
63
  signature.template(id)
64
64
  xml.IDPSSODescriptor idp_sso_descriptor_options do
65
- xml.KeyDescriptor use: "signing" do
66
- xml.KeyInfo "xmlns": Namespaces::XMLDSIG do
67
- xml.X509Data do
68
- xml.X509Certificate @configuration.stripped_signing_certificate
65
+ if @configuration.signing_certificate_pem.present?
66
+ xml.KeyDescriptor use: "signing" do
67
+ xml.KeyInfo "xmlns": Namespaces::XMLDSIG do
68
+ xml.X509Data do
69
+ xml.X509Certificate @configuration.stripped_signing_certificate
70
+ end
71
+ end
72
+ end
73
+ end
74
+ if @configuration.encryption_certificate_pem.present?
75
+ xml.KeyDescriptor use: "encryption" do
76
+ xml.KeyInfo "xmlns": Namespaces::XMLDSIG do
77
+ xml.X509Data do
78
+ xml.X509Certificate @configuration.stripped_encryption_certificate
79
+ end
69
80
  end
70
81
  end
71
82
  end
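Review bot: The two `KeyDescriptor` branches are identical apart from the `use` literal and the certificate accessor; a small private helper on the builder removes the duplication and keeps the descriptor body readable (the enclosing method starts and ends outside this hunk, so only the two guarded lines and the helper are sketched below). When both `_certificate_pem` values are blank the IDPSSODescriptor is now emitted with no KeyDescriptor at all while `signature.template(id)` above still runs; whether that combination should be rejected before building is worth confirming rather than leaving to relying parties.
```ruby
xml.IDPSSODescriptor idp_sso_descriptor_options do
  key_descriptor(xml, "signing", @configuration.stripped_signing_certificate) if @configuration.signing_certificate_pem.present?
  key_descriptor(xml, "encryption", @configuration.stripped_encryption_certificate) if @configuration.encryption_certificate_pem.present?
  # … unchanged: remainder of the IDPSSODescriptor body …

# Emits one <md:KeyDescriptor use="..."> wrapping the given certificate text.
def key_descriptor(xml, use, certificate)
  xml.KeyDescriptor use: use do
    xml.KeyInfo "xmlns": Namespaces::XMLDSIG do
      xml.X509Data do
        xml.X509Certificate certificate
      end
    end
  end
end
```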
@@ -30,20 +30,16 @@ module Saml
30
30
  def certificates
31
31
  @certificates ||= document.find_all("/md:EntityDescriptor/md:#{name}/md:KeyDescriptor").map do |item|
32
32
  cert = item.at_xpath("./ds:KeyInfo/ds:X509Data/ds:X509Certificate", Xml::NAMESPACES).text
33
- {
34
- text: cert,
35
- fingerprint: Fingerprint.new(cert).algorithm(hash_algorithm),
36
- use: item.attribute('use').value.to_sym,
37
- }
33
+ Certificate.new(cert, use: item.attribute('use').value.to_sym)
38
34
  end
39
35
  end
40
36
 
41
37
  def encryption_certificates
42
- certificates.find_all { |x| x[:use] == :encryption }
38
+ certificates.find_all(&:encryption?)
43
39
  end
44
40
 
45
41
  def signing_certificates
46
- certificates.find_all { |x| x[:use] == :signing }
42
+ certificates.find_all(&:signing?)
47
43
  end
48
44
 
49
45
  def services(type)
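Review bot: `item.attribute('use').value` in `certificates` assumes every KeyDescriptor carries a `use` attribute, but the SAML metadata schema leaves it optional (an omitted `use` means the key serves both purposes), so a descriptor without it makes `attribute('use')` return nil and the `.value` call raise NoMethodError while parsing third-party metadata. Decide explicitly how an absent attribute maps onto the single-valued `Certificate#use` and guard the nil case, e.g. `use_attr = item.attribute('use')` followed by `Certificate.new(cert, use: use_attr ? use_attr.value : <chosen default or reject>)`; safe navigation is not an option on the `ruby:2.2` image the CI file pins. The `.to_sym` at the call site is redundant, since `Certificate#initialize` already downcases and symbolizes `use`.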
@@ -68,12 +64,8 @@ module Saml
68
64
  end
69
65
 
70
66
  def matches?(fingerprint, use: :signing)
71
- if :signing == use.to_sym
72
- hash_value = fingerprint.algorithm(hash_algorithm)
73
- signing_certificates.find do |signing_certificate|
74
- Saml::Kit.logger.debug [hash_value, signing_certificate[:fingerprint]].inspect
75
- hash_value == signing_certificate[:fingerprint]
76
- end
67
+ certificates.find do |certificate|
68
+ certificate.for?(use) && certificate.fingerprint == fingerprint
77
69
  end
78
70
  end
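Review bot: `certificate.fingerprint == fingerprint` in `matches?` compares two `Fingerprint` objects where the removed code compared the strings returned by `algorithm(hash_algorithm)`; unless `Fingerprint` defines `==` (not visible in this diff) the comparison falls back to identity and `matches?` never finds a certificate, which fails closed but breaks signature verification. Confirm that `Fingerprint#==` exists and compares digests, and that callers now pass a `Fingerprint` rather than any object responding to `algorithm`; otherwise keep the explicit digest comparison `certificate.fingerprint.algorithm(hash_algorithm) == fingerprint.algorithm(hash_algorithm)`. `hash_algorithm` no longer appears in this method, so check whether it still has a use elsewhere.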
79
71
 
@@ -91,9 +83,7 @@ module Saml
91
83
 
92
84
  def verify(algorithm, signature, data)
93
85
  signing_certificates.find do |cert|
94
- x509 = OpenSSL::X509::Certificate.new(Base64.decode64(cert[:text]))
95
- public_key = x509.public_key
96
- public_key.verify(algorithm, signature, data)
86
+ cert.public_key.verify(algorithm, signature, data)
97
87
  end
98
88
  end
99
89
 
@@ -186,7 +186,7 @@ module Saml
186
186
  yield temp
187
187
  raw_xml_to_encrypt = temp.target!
188
188
 
189
- encryption_certificate = OpenSSL::X509::Certificate.new(Base64.decode64(request.provider.encryption_certificates.first[:text]))
189
+ encryption_certificate = request.provider.encryption_certificates.first
190
190
  public_key = encryption_certificate.public_key
191
191
 
192
192
  cipher = OpenSSL::Cipher.new('AES-256-CBC')
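Review bot: `request.provider.encryption_certificates.first` is nil when the provider metadata carries no encryption KeyDescriptor, and the `public_key` call on the following line then fails with NoMethodError instead of a meaningful error. A guard before that line, such as `raise ArgumentError, "provider has no encryption certificate" unless encryption_certificate` (or whichever error class the library uses for bad metadata), makes the failure explicit; the surrounding method begins and ends outside this hunk.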
@@ -18,8 +18,6 @@ module Saml
18
18
  attribute.text.downcase == "true"
19
19
  end
20
20
 
21
- private
22
-
23
21
  class Builder
24
22
  attr_accessor :id, :entity_id, :acs_urls, :logout_urls, :name_id_formats, :sign
25
23
  attr_accessor :want_assertions_signed
@@ -1,5 +1,5 @@
1
1
  module Saml
2
2
  module Kit
3
- VERSION = "0.2.0"
3
+ VERSION = "0.2.1"
4
4
  end
5
5
  end
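--- a/data/lib/saml/kit/xml.rb
+++ b/data/lib/saml/kit/xml.rb
@@ -22,7 +22,7 @@ module Saml
 def x509_certificates
 xpath = "//ds:KeyInfo/ds:X509Data/ds:X509Certificate"
 document.search(xpath, Xmldsig::NAMESPACES).map do |item|
-OpenSSL::X509::Certificate.new(Base64.decode64(item.text))
+Certificate.to_x509(item.text)
 end
 end
 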
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: saml-kit
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - mo khan
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-11-26 00:00:00.000000000 Z
11
+ date: 2017-11-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activemodel
@@ -160,6 +160,7 @@ extensions: []
160
160
  extra_rdoc_files: []
161
161
  files:
162
162
  - ".gitignore"
163
+ - ".gitlab-ci.yml"
163
164
  - ".rspec"
164
165
  - ".travis.yml"
165
166
  - Gemfile
@@ -177,6 +178,7 @@ files:
177
178
  - lib/saml/kit/bindings/http_post.rb
178
179
  - lib/saml/kit/bindings/http_redirect.rb
179
180
  - lib/saml/kit/bindings/url_builder.rb
181
+ - lib/saml/kit/certificate.rb
180
182
  - lib/saml/kit/configuration.rb
181
183
  - lib/saml/kit/crypto.rb
182
184
  - lib/saml/kit/crypto/oaep_cipher.rb