saml-kit 0.2.5 → 0.2.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/saml/kit.rb +1 -0
- data/lib/saml/kit/assertion.rb +2 -2
- data/lib/saml/kit/bindings/http_post.rb +2 -2
- data/lib/saml/kit/bindings/http_redirect.rb +4 -4
- data/lib/saml/kit/builders/templates/assertion.builder +1 -1
- data/lib/saml/kit/configuration.rb +8 -13
- data/lib/saml/kit/document.rb +5 -5
- data/lib/saml/kit/key_pair.rb +17 -0
- data/lib/saml/kit/locales/en.yml +1 -1
- data/lib/saml/kit/logout_response.rb +2 -2
- data/lib/saml/kit/templatable.rb +2 -1
- data/lib/saml/kit/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 11da72a9a04500f85a856e8bdb82e5d32f930383bacbc4c1b2eacb5908336581
|
|
4
|
+
data.tar.gz: cb5c231e608a6fc199052c1c3e4922837c51534ec99a3416b1d45aa73efd07db
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3283b83d0c28a95e3bc1bbf3999bd5eee369dc82dcaa1eb4330dbb89e82ee57be3df06ad1548c416adc6a79f249642fda08d56e11323d88c7ffbd553b0431473
|
|
7
|
+
data.tar.gz: 49aa1074365a8c48f287e3939d3f9f3deb0d0f45168982a4197b091cf34257b60324eb177311581069a0ba47468bce0354a0d0d133668fc36180d38106add5e2
|
data/lib/saml/kit.rb
CHANGED
|
@@ -35,6 +35,7 @@ require "saml/kit/configuration"
|
|
|
35
35
|
require "saml/kit/crypto"
|
|
36
36
|
require "saml/kit/default_registry"
|
|
37
37
|
require "saml/kit/fingerprint"
|
|
38
|
+
require "saml/kit/key_pair"
|
|
38
39
|
require "saml/kit/logout_response"
|
|
39
40
|
require "saml/kit/logout_request"
|
|
40
41
|
require "saml/kit/metadata"
|
data/lib/saml/kit/assertion.rb
CHANGED
|
@@ -63,12 +63,12 @@ module Saml
|
|
|
63
63
|
[]
|
|
64
64
|
end
|
|
65
65
|
|
|
66
|
-
private
|
|
67
|
-
|
|
68
66
|
def encrypted?
|
|
69
67
|
@xml_hash.fetch('Response', {}).fetch('EncryptedAssertion', nil).present?
|
|
70
68
|
end
|
|
71
69
|
|
|
70
|
+
private
|
|
71
|
+
|
|
72
72
|
def assertion
|
|
73
73
|
if encrypted?
|
|
74
74
|
decrypted = XmlDecryption.new(configuration: @configuration).decrypt(@xml_hash['Response']['EncryptedAssertion'])
|
|
@@ -18,9 +18,9 @@ module Saml
|
|
|
18
18
|
[location, saml_params]
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
def deserialize(params)
|
|
21
|
+
def deserialize(params, configuration: Saml::Kit.configuration)
|
|
22
22
|
xml = decode(saml_param_from(params))
|
|
23
|
-
Saml::Kit::Document.to_saml_document(xml)
|
|
23
|
+
Saml::Kit::Document.to_saml_document(xml, configuration: configuration)
|
|
24
24
|
end
|
|
25
25
|
end
|
|
26
26
|
end
|
|
@@ -15,8 +15,8 @@ module Saml
|
|
|
15
15
|
[UrlBuilder.new(configuration: builder.configuration).build(document, relay_state: relay_state), {}]
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
-
def deserialize(params)
|
|
19
|
-
document = deserialize_document_from!(params)
|
|
18
|
+
def deserialize(params, configuration: Saml::Kit.configuration)
|
|
19
|
+
document = deserialize_document_from!(params, configuration)
|
|
20
20
|
ensure_valid_signature!(params, document)
|
|
21
21
|
document.signature_verified!
|
|
22
22
|
document
|
|
@@ -24,10 +24,10 @@ module Saml
|
|
|
24
24
|
|
|
25
25
|
private
|
|
26
26
|
|
|
27
|
-
def deserialize_document_from!(params)
|
|
27
|
+
def deserialize_document_from!(params, configuration)
|
|
28
28
|
xml = inflate(decode(unescape(saml_param_from(params))))
|
|
29
29
|
Saml::Kit.logger.debug(xml)
|
|
30
|
-
Saml::Kit::Document.to_saml_document(xml)
|
|
30
|
+
Saml::Kit::Document.to_saml_document(xml, configuration: configuration)
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
def ensure_valid_signature!(params, document)
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
encryption_for(xml: xml) do |xml|
|
|
2
2
|
xml.Assertion(assertion_options) do
|
|
3
3
|
xml.Issuer issuer
|
|
4
|
-
signature_for(reference_id: reference_id, xml: xml)
|
|
4
|
+
signature_for(reference_id: reference_id, xml: xml)
|
|
5
5
|
xml.Subject do
|
|
6
6
|
xml.NameID name_id, Format: name_id_format
|
|
7
7
|
xml.SubjectConfirmation Method: Saml::Kit::Namespaces::BEARER do
|
|
@@ -12,14 +12,12 @@ module Saml
|
|
|
12
12
|
@registry = DefaultRegistry.new
|
|
13
13
|
@session_timeout = 3.hours
|
|
14
14
|
@logger = Logger.new(STDOUT)
|
|
15
|
+
@key_pairs = []
|
|
15
16
|
yield self if block_given?
|
|
16
17
|
end
|
|
17
18
|
|
|
18
19
|
def add_key_pair(certificate, private_key, password:, use: :signing)
|
|
19
|
-
key_pairs.push(
|
|
20
|
-
certificate: Saml::Kit::Certificate.new(certificate, use: use),
|
|
21
|
-
private_key: OpenSSL::PKey::RSA.new(private_key, password)
|
|
22
|
-
})
|
|
20
|
+
@key_pairs.push(KeyPair.new(certificate, private_key, password, use))
|
|
23
21
|
end
|
|
24
22
|
|
|
25
23
|
def generate_key_pair_for(use:, password: SecureRandom.uuid)
|
|
@@ -27,13 +25,16 @@ module Saml
|
|
|
27
25
|
add_key_pair(certificate, private_key, password: password, use: use)
|
|
28
26
|
end
|
|
29
27
|
|
|
28
|
+
def key_pairs(use: nil)
|
|
29
|
+
use.present? ? @key_pairs.find_all { |x| x.for?(use) } : @key_pairs
|
|
30
|
+
end
|
|
31
|
+
|
|
30
32
|
def certificates(use: nil)
|
|
31
|
-
|
|
32
|
-
use.present? ? certificates.find_all { |x| x.for?(use) } : certificates
|
|
33
|
+
key_pairs(use: use).flat_map(&:certificate)
|
|
33
34
|
end
|
|
34
35
|
|
|
35
36
|
def private_keys(use: :signing)
|
|
36
|
-
key_pairs
|
|
37
|
+
key_pairs(use: use).flat_map(&:private_key)
|
|
37
38
|
end
|
|
38
39
|
|
|
39
40
|
def encryption_certificate
|
|
@@ -54,12 +55,6 @@ module Saml
|
|
|
54
55
|
def sign?
|
|
55
56
|
certificates(use: :signing).any?
|
|
56
57
|
end
|
|
57
|
-
|
|
58
|
-
private
|
|
59
|
-
|
|
60
|
-
def key_pairs
|
|
61
|
-
@key_pairs ||= []
|
|
62
|
-
end
|
|
63
58
|
end
|
|
64
59
|
end
|
|
65
60
|
end
|
data/lib/saml/kit/document.rb
CHANGED
|
@@ -64,16 +64,16 @@ module Saml
|
|
|
64
64
|
end
|
|
65
65
|
|
|
66
66
|
class << self
|
|
67
|
-
def to_saml_document(xml)
|
|
67
|
+
def to_saml_document(xml, configuration: Saml::Kit.configuration)
|
|
68
68
|
hash = Hash.from_xml(xml)
|
|
69
69
|
if hash['Response'].present?
|
|
70
|
-
Response.new(xml)
|
|
70
|
+
Response.new(xml, configuration: configuration)
|
|
71
71
|
elsif hash['LogoutResponse'].present?
|
|
72
|
-
LogoutResponse.new(xml)
|
|
72
|
+
LogoutResponse.new(xml, configuration: configuration)
|
|
73
73
|
elsif hash['AuthnRequest'].present?
|
|
74
|
-
AuthenticationRequest.new(xml)
|
|
74
|
+
AuthenticationRequest.new(xml, configuration: configuration)
|
|
75
75
|
elsif hash['LogoutRequest'].present?
|
|
76
|
-
LogoutRequest.new(xml)
|
|
76
|
+
LogoutRequest.new(xml, configuration: configuration)
|
|
77
77
|
end
|
|
78
78
|
rescue => error
|
|
79
79
|
Saml::Kit.logger.error(error)
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module Saml
|
|
2
|
+
module Kit
|
|
3
|
+
class KeyPair
|
|
4
|
+
attr_reader :certificate, :private_key
|
|
5
|
+
|
|
6
|
+
def initialize(certificate, private_key, password, use)
|
|
7
|
+
@use = use
|
|
8
|
+
@certificate = Saml::Kit::Certificate.new(certificate, use: use)
|
|
9
|
+
@private_key = OpenSSL::PKey::RSA.new(private_key, password)
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def for?(use)
|
|
13
|
+
@use == use
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
data/lib/saml/kit/locales/en.yml
CHANGED
|
@@ -4,6 +4,7 @@ en:
|
|
|
4
4
|
errors:
|
|
5
5
|
Assertion:
|
|
6
6
|
expired: "must not be expired."
|
|
7
|
+
must_match_issuer: "must match entityId."
|
|
7
8
|
AuthnRequest:
|
|
8
9
|
invalid: "must contain AuthnRequest."
|
|
9
10
|
invalid_fingerprint: "does not match."
|
|
@@ -23,7 +24,6 @@ en:
|
|
|
23
24
|
invalid_fingerprint: "does not match."
|
|
24
25
|
invalid_response_to: "must match request id."
|
|
25
26
|
invalid_version: "must be 2.0."
|
|
26
|
-
must_match_issuer: "must match entityId."
|
|
27
27
|
unregistered: "must originate from registered identity provider."
|
|
28
28
|
SPSSODescriptor:
|
|
29
29
|
invalid: "must contain SPSSODescriptor."
|
|
@@ -3,9 +3,9 @@ module Saml
|
|
|
3
3
|
class LogoutResponse < Document
|
|
4
4
|
include Respondable
|
|
5
5
|
|
|
6
|
-
def initialize(xml, request_id: nil)
|
|
6
|
+
def initialize(xml, request_id: nil, configuration: Saml::Kit.configuration)
|
|
7
7
|
@request_id = request_id
|
|
8
|
-
super(xml, name: "LogoutResponse")
|
|
8
|
+
super(xml, name: "LogoutResponse", configuration: configuration)
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
Builder = ActiveSupport::Deprecation::DeprecatedConstantProxy.new('Saml::Kit::LogoutResponse::Builder', 'Saml::Kit::Builders::LogoutResponse')
|
data/lib/saml/kit/templatable.rb
CHANGED
|
@@ -24,7 +24,8 @@ module Saml
|
|
|
24
24
|
if encrypt?
|
|
25
25
|
temp = ::Builder::XmlMarkup.new
|
|
26
26
|
yield temp
|
|
27
|
-
|
|
27
|
+
signed_xml = signatures.complete(temp.target!)
|
|
28
|
+
xml_encryption = Saml::Kit::Builders::XmlEncryption.new(signed_xml, encryption_certificate.public_key)
|
|
28
29
|
render(xml_encryption, xml: xml)
|
|
29
30
|
else
|
|
30
31
|
yield xml
|
data/lib/saml/kit/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: saml-kit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- mo khan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-12-
|
|
11
|
+
date: 2017-12-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activemodel
|
|
@@ -231,6 +231,7 @@ files:
|
|
|
231
231
|
- lib/saml/kit/id.rb
|
|
232
232
|
- lib/saml/kit/identity_provider_metadata.rb
|
|
233
233
|
- lib/saml/kit/invalid_document.rb
|
|
234
|
+
- lib/saml/kit/key_pair.rb
|
|
234
235
|
- lib/saml/kit/locales/en.yml
|
|
235
236
|
- lib/saml/kit/logout_request.rb
|
|
236
237
|
- lib/saml/kit/logout_response.rb
|