saml-kit 0.2.5 → 0.2.6
- checksums.yaml +4 -4
- data/lib/saml/kit.rb +1 -0
- data/lib/saml/kit/assertion.rb +2 -2
- data/lib/saml/kit/bindings/http_post.rb +2 -2
- data/lib/saml/kit/bindings/http_redirect.rb +4 -4
- data/lib/saml/kit/builders/templates/assertion.builder +1 -1
- data/lib/saml/kit/configuration.rb +8 -13
- data/lib/saml/kit/document.rb +5 -5
- data/lib/saml/kit/key_pair.rb +17 -0
- data/lib/saml/kit/locales/en.yml +1 -1
- data/lib/saml/kit/logout_response.rb +2 -2
- data/lib/saml/kit/templatable.rb +2 -1
- data/lib/saml/kit/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 11da72a9a04500f85a856e8bdb82e5d32f930383bacbc4c1b2eacb5908336581
|
4
|
+
data.tar.gz: cb5c231e608a6fc199052c1c3e4922837c51534ec99a3416b1d45aa73efd07db
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3283b83d0c28a95e3bc1bbf3999bd5eee369dc82dcaa1eb4330dbb89e82ee57be3df06ad1548c416adc6a79f249642fda08d56e11323d88c7ffbd553b0431473
|
7
|
+
data.tar.gz: 49aa1074365a8c48f287e3939d3f9f3deb0d0f45168982a4197b091cf34257b60324eb177311581069a0ba47468bce0354a0d0d133668fc36180d38106add5e2
|
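--- a/data/lib/saml/kit.rb
+++ b/data/lib/saml/kit.rb
@@ -35,6 +35,7 @@ require "saml/kit/configuration"
 require "saml/kit/crypto"
 require "saml/kit/default_registry"
 require "saml/kit/fingerprint"
+require "saml/kit/key_pair"
 require "saml/kit/logout_response"
 require "saml/kit/logout_request"
 require "saml/kit/metadata"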
data/lib/saml/kit/assertion.rb
CHANGED
@@ -63,12 +63,12 @@ module Saml
|
|
63
63
|
[]
|
64
64
|
end
|
65
65
|
|
66
|
-
private
|
67
|
-
|
68
66
|
def encrypted?
|
69
67
|
@xml_hash.fetch('Response', {}).fetch('EncryptedAssertion', nil).present?
|
70
68
|
end
|
71
69
|
|
70
|
+
private
|
71
|
+
|
72
72
|
def assertion
|
73
73
|
if encrypted?
|
74
74
|
decrypted = XmlDecryption.new(configuration: @configuration).decrypt(@xml_hash['Response']['EncryptedAssertion'])
|
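Review bot: `encrypted?` becomes public in this hunk but carries no documentation; a YARD line such as `# @return [Boolean] true when the Response element carries an EncryptedAssertion` would make the contract visible to callers now that it is part of the API. The lookup `@xml_hash.fetch('Response', {}).fetch('EncryptedAssertion', nil).present?` reads more directly as `@xml_hash.dig('Response', 'EncryptedAssertion').present?`, which yields the same result whenever 'Response' maps to a Hash. The `assertion` method that follows continues outside the hunk.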
@@ -18,9 +18,9 @@ module Saml
|
|
18
18
|
[location, saml_params]
|
19
19
|
end
|
20
20
|
|
21
|
-
def deserialize(params)
|
21
|
+
def deserialize(params, configuration: Saml::Kit.configuration)
|
22
22
|
xml = decode(saml_param_from(params))
|
23
|
-
Saml::Kit::Document.to_saml_document(xml)
|
23
|
+
Saml::Kit::Document.to_saml_document(xml, configuration: configuration)
|
24
24
|
end
|
25
25
|
end
|
26
26
|
end
|
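Review bot: `deserialize` passes the decoded XML to `Saml::Kit::Document.to_saml_document` and returns the result with no signature handling of its own, whereas the HTTP-Redirect binding's `deserialize` calls `ensure_valid_signature!` and `document.signature_verified!`. In the POST binding the signature travels inside the XML, so presumably the document's own validation checks it; that expectation should be stated on the method, e.g. `# The XML signature is embedded in the document and is verified by the document's validations, not by this binding.`, and confirmed against Document. `decode` and `saml_param_from` are defined outside the hunk.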
@@ -15,8 +15,8 @@ module Saml
|
|
15
15
|
[UrlBuilder.new(configuration: builder.configuration).build(document, relay_state: relay_state), {}]
|
16
16
|
end
|
17
17
|
|
18
|
-
def deserialize(params)
|
19
|
-
document = deserialize_document_from!(params)
|
18
|
+
def deserialize(params, configuration: Saml::Kit.configuration)
|
19
|
+
document = deserialize_document_from!(params, configuration)
|
20
20
|
ensure_valid_signature!(params, document)
|
21
21
|
document.signature_verified!
|
22
22
|
document
|
@@ -24,10 +24,10 @@ module Saml
|
|
24
24
|
|
25
25
|
private
|
26
26
|
|
27
|
-
def deserialize_document_from!(params)
|
27
|
+
def deserialize_document_from!(params, configuration)
|
28
28
|
xml = inflate(decode(unescape(saml_param_from(params))))
|
29
29
|
Saml::Kit.logger.debug(xml)
|
30
|
-
Saml::Kit::Document.to_saml_document(xml)
|
30
|
+
Saml::Kit::Document.to_saml_document(xml, configuration: configuration)
|
31
31
|
end
|
32
32
|
|
33
33
|
def ensure_valid_signature!(params, document)
|
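Review bot: `deserialize_document_from!` unescapes, decodes, inflates and parses the request parameter before `ensure_valid_signature!` runs, so both the decompressor and the XML parser process input that has not yet been authenticated; `inflate` is defined outside the hunk, and whether it caps the decompressed size is not visible here. Either a bound on the inflated output or a comment on `inflate` stating the limit it enforces would record that exposure; the ordering itself appears unavoidable if `ensure_valid_signature!(params, document)` needs the parsed document to locate the issuer's certificate. `Saml::Kit.logger.debug(xml)` also writes the entire decoded document to the log, which deserves a comment since a SAML response can carry user attributes. `ensure_valid_signature!` continues outside the hunk.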
@@ -1,7 +1,7 @@
|
|
1
1
|
encryption_for(xml: xml) do |xml|
|
2
2
|
xml.Assertion(assertion_options) do
|
3
3
|
xml.Issuer issuer
|
4
|
-
signature_for(reference_id: reference_id, xml: xml)
|
4
|
+
signature_for(reference_id: reference_id, xml: xml)
|
5
5
|
xml.Subject do
|
6
6
|
xml.NameID name_id, Format: name_id_format
|
7
7
|
xml.SubjectConfirmation Method: Saml::Kit::Namespaces::BEARER do
|
@@ -12,14 +12,12 @@ module Saml
|
|
12
12
|
@registry = DefaultRegistry.new
|
13
13
|
@session_timeout = 3.hours
|
14
14
|
@logger = Logger.new(STDOUT)
|
15
|
+
@key_pairs = []
|
15
16
|
yield self if block_given?
|
16
17
|
end
|
17
18
|
|
18
19
|
def add_key_pair(certificate, private_key, password:, use: :signing)
|
19
|
-
key_pairs.push(
|
20
|
-
certificate: Saml::Kit::Certificate.new(certificate, use: use),
|
21
|
-
private_key: OpenSSL::PKey::RSA.new(private_key, password)
|
22
|
-
})
|
20
|
+
@key_pairs.push(KeyPair.new(certificate, private_key, password, use))
|
23
21
|
end
|
24
22
|
|
25
23
|
def generate_key_pair_for(use:, password: SecureRandom.uuid)
|
@@ -27,13 +25,16 @@ module Saml
|
|
27
25
|
add_key_pair(certificate, private_key, password: password, use: use)
|
28
26
|
end
|
29
27
|
|
28
|
+
def key_pairs(use: nil)
|
29
|
+
use.present? ? @key_pairs.find_all { |x| x.for?(use) } : @key_pairs
|
30
|
+
end
|
31
|
+
|
30
32
|
def certificates(use: nil)
|
31
|
-
|
32
|
-
use.present? ? certificates.find_all { |x| x.for?(use) } : certificates
|
33
|
+
key_pairs(use: use).flat_map(&:certificate)
|
33
34
|
end
|
34
35
|
|
35
36
|
def private_keys(use: :signing)
|
36
|
-
key_pairs
|
37
|
+
key_pairs(use: use).flat_map(&:private_key)
|
37
38
|
end
|
38
39
|
|
39
40
|
def encryption_certificate
|
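Review bot: `certificates` and `private_keys` use `flat_map` although each block yields a single object rather than an array; `key_pairs(use: use).map(&:certificate)` and `key_pairs(use: use).map(&:private_key)` state the intent and produce the same arrays without relying on `flat_map` passing non-array values through. `key_pairs` also changes from a private helper to a public method, so it should carry a comment, e.g. `# @return [Array<KeyPair>] every registered pair, or only those whose use matches the given use`. Note that `private_keys` defaults `use:` to `:signing` while `certificates` defaults it to nil, so the two filter differently when called without arguments; that predates the commit but is easy to misread now that both go through `key_pairs`. The removal of the old private `key_pairs` in the third hunk of this file is covered by the same point.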
@@ -54,12 +55,6 @@ module Saml
|
|
54
55
|
def sign?
|
55
56
|
certificates(use: :signing).any?
|
56
57
|
end
|
57
|
-
|
58
|
-
private
|
59
|
-
|
60
|
-
def key_pairs
|
61
|
-
@key_pairs ||= []
|
62
|
-
end
|
63
58
|
end
|
64
59
|
end
|
65
60
|
end
|
data/lib/saml/kit/document.rb
CHANGED
@@ -64,16 +64,16 @@ module Saml
|
|
64
64
|
end
|
65
65
|
|
66
66
|
class << self
|
67
|
-
def to_saml_document(xml)
|
67
|
+
def to_saml_document(xml, configuration: Saml::Kit.configuration)
|
68
68
|
hash = Hash.from_xml(xml)
|
69
69
|
if hash['Response'].present?
|
70
|
-
Response.new(xml)
|
70
|
+
Response.new(xml, configuration: configuration)
|
71
71
|
elsif hash['LogoutResponse'].present?
|
72
|
-
LogoutResponse.new(xml)
|
72
|
+
LogoutResponse.new(xml, configuration: configuration)
|
73
73
|
elsif hash['AuthnRequest'].present?
|
74
|
-
AuthenticationRequest.new(xml)
|
74
|
+
AuthenticationRequest.new(xml, configuration: configuration)
|
75
75
|
elsif hash['LogoutRequest'].present?
|
76
|
-
LogoutRequest.new(xml)
|
76
|
+
LogoutRequest.new(xml, configuration: configuration)
|
77
77
|
end
|
78
78
|
rescue => error
|
79
79
|
Saml::Kit.logger.error(error)
|
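Review bot: The `if`/`elsif` chain in `to_saml_document` has no `else`, so XML whose root is none of Response, LogoutResponse, AuthnRequest or LogoutRequest makes the method return `nil` rather than signalling an error; the bindings call `Saml::Kit::Document.to_saml_document(xml, configuration: configuration)` with request parameters, so callers should either receive an explicit error or the nil return should be documented on the method. `rescue => error` catches any StandardError raised by `Hash.from_xml` on that input, but the rescue body continues outside the hunk, so what is returned on failure is not visible here. A short comment noting that `Hash.from_xml` parses untrusted XML and relies on the underlying parser's entity handling would record that assumption for the next maintainer.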
@@ -0,0 +1,17 @@
|
|
1
|
+
module Saml
|
2
|
+
module Kit
|
3
|
+
class KeyPair
|
4
|
+
attr_reader :certificate, :private_key
|
5
|
+
|
6
|
+
def initialize(certificate, private_key, password, use)
|
7
|
+
@use = use
|
8
|
+
@certificate = Saml::Kit::Certificate.new(certificate, use: use)
|
9
|
+
@private_key = OpenSSL::PKey::RSA.new(private_key, password)
|
10
|
+
end
|
11
|
+
|
12
|
+
def for?(use)
|
13
|
+
@use == use
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
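Review bot: `KeyPair` is a new public class with no documentation; a class comment such as `# Pairs a certificate with its private key and records the use (for example :signing) they were registered under.` plus YARD tags on `initialize` noting that `OpenSSL::PKey::RSA.new(private_key, password)` raises `OpenSSL::PKey::RSAError` when the key material or password is wrong would help callers. `for?` compares `@use == use` without normalization, so a pair registered with a String use never matches a Symbol query such as `certificates(use: :signing)`; either document that `use` must be a Symbol or normalize it once in `initialize`. The constructor also accepts only RSA keys, which is worth stating alongside the class comment.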
data/lib/saml/kit/locales/en.yml
CHANGED
@@ -4,6 +4,7 @@ en:
|
|
4
4
|
errors:
|
5
5
|
Assertion:
|
6
6
|
expired: "must not be expired."
|
7
|
+
must_match_issuer: "must match entityId."
|
7
8
|
AuthnRequest:
|
8
9
|
invalid: "must contain AuthnRequest."
|
9
10
|
invalid_fingerprint: "does not match."
|
@@ -23,7 +24,6 @@ en:
|
|
23
24
|
invalid_fingerprint: "does not match."
|
24
25
|
invalid_response_to: "must match request id."
|
25
26
|
invalid_version: "must be 2.0."
|
26
|
-
must_match_issuer: "must match entityId."
|
27
27
|
unregistered: "must originate from registered identity provider."
|
28
28
|
SPSSODescriptor:
|
29
29
|
invalid: "must contain SPSSODescriptor."
|
@@ -3,9 +3,9 @@ module Saml
|
|
3
3
|
class LogoutResponse < Document
|
4
4
|
include Respondable
|
5
5
|
|
6
|
-
def initialize(xml, request_id: nil)
|
6
|
+
def initialize(xml, request_id: nil, configuration: Saml::Kit.configuration)
|
7
7
|
@request_id = request_id
|
8
|
-
super(xml, name: "LogoutResponse")
|
8
|
+
super(xml, name: "LogoutResponse", configuration: configuration)
|
9
9
|
end
|
10
10
|
|
11
11
|
Builder = ActiveSupport::Deprecation::DeprecatedConstantProxy.new('Saml::Kit::LogoutResponse::Builder', 'Saml::Kit::Builders::LogoutResponse')
|
data/lib/saml/kit/templatable.rb
CHANGED
@@ -24,7 +24,8 @@ module Saml
|
|
24
24
|
if encrypt?
|
25
25
|
temp = ::Builder::XmlMarkup.new
|
26
26
|
yield temp
|
27
|
-
|
27
|
+
signed_xml = signatures.complete(temp.target!)
|
28
|
+
xml_encryption = Saml::Kit::Builders::XmlEncryption.new(signed_xml, encryption_certificate.public_key)
|
28
29
|
render(xml_encryption, xml: xml)
|
29
30
|
else
|
30
31
|
yield xml
|
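Review bot: The new `signed_xml = signatures.complete(temp.target!)` line establishes a sign-then-encrypt order, but nothing records why it matters; a comment such as `# Sign the inner document first so the signature is carried inside the encrypted payload` on that line would keep a later refactor from encrypting the unsigned markup. `encryption_certificate.public_key` raises `NoMethodError` when no encryption certificate is configured; `encrypt?` presumably guards that, but it is defined outside the hunk, as is the enclosing method, and the removed line's content is not visible on this page.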
data/lib/saml/kit/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: saml-kit
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- mo khan
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-12-
|
11
|
+
date: 2017-12-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activemodel
|
@@ -231,6 +231,7 @@ files:
|
|
231
231
|
- lib/saml/kit/id.rb
|
232
232
|
- lib/saml/kit/identity_provider_metadata.rb
|
233
233
|
- lib/saml/kit/invalid_document.rb
|
234
|
+
- lib/saml/kit/key_pair.rb
|
234
235
|
- lib/saml/kit/locales/en.yml
|
235
236
|
- lib/saml/kit/logout_request.rb
|
236
237
|
- lib/saml/kit/logout_response.rb
|