spid-es 0.0.20 → 0.0.25
- checksums.yaml +5 -5
- data/lib/spid/ruby-saml/metadata.rb +90 -41
- data/lib/spid/ruby-saml/response.rb +30 -19
- data/lib/spid/ruby-saml/settings.rb +1 -1
- data/spid-es.gemspec +1 -1
- metadata +3 -5
- data/.travis.yml +0 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 0df53e9cf72fafa24ceafecf84eeecaeac2ad41ae3fde626427db9015ba066c6
|
4
|
+
data.tar.gz: 4df05a87667e7e38f788c8a80852290020853a576b9fdd64408adb0e7d84af19
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c9443aeb32bbeb10038ba9acb6033617c9b2a0f2c5e759bddcb98d0252a41d19248776d2fb0fa2295f6572ecba6fc6eaeb6129ac564c86caed0b2aed929caa87
|
7
|
+
data.tar.gz: 1ae7d5cec32f6b0a8007c0c27bec008dec9d27c4f4fdd0e20c8d88922ebe32918eedae9260a377da55a304d7380b8073ca730ba4b3d9108c2bbf144f0e87b56a
|
@@ -31,14 +31,26 @@ module Spid
|
|
31
31
|
def generate(settings)
|
32
32
|
#meta_doc = REXML::Document.new
|
33
33
|
meta_doc = Spid::XMLSecurityNew::Document.new
|
34
|
-
|
34
|
+
if settings.aggregato
|
35
|
+
root = meta_doc.add_element "md:EntityDescriptor", {
|
36
|
+
"xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata",
|
37
|
+
"xmlns:xml" => "http://www.w3.org/XML/1998/namespace",
|
38
|
+
"xmlns:spid" => "https://spid.gov.it/saml-extensions",
|
39
|
+
}
|
40
|
+
else
|
41
|
+
root = meta_doc.add_element "md:EntityDescriptor", {
|
35
42
|
"xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata",
|
36
43
|
"xmlns:xml" => "http://www.w3.org/XML/1998/namespace"
|
37
|
-
|
44
|
+
}
|
45
|
+
end
|
46
|
+
|
38
47
|
if settings.issuer != nil
|
39
48
|
root.attributes["entityID"] = settings.issuer
|
40
49
|
end
|
41
|
-
|
50
|
+
#Tolto per non far cambiare sempre il metadata
|
51
|
+
#uuid = "_" + UUID.new.generate
|
52
|
+
#genero l'id come hash dell'entityID
|
53
|
+
uuid = "_" + settings.issuer.hash
|
42
54
|
self.uuid = uuid
|
43
55
|
root.attributes["ID"] = uuid
|
44
56
|
|
@@ -119,6 +131,18 @@ module Spid
|
|
119
131
|
}
|
120
132
|
end
|
121
133
|
|
134
|
+
#Logout dei servizi esterni
|
135
|
+
unless settings.hash_assertion_consumer.blank?
|
136
|
+
settings.hash_assertion_consumer.each_pair{ |index, hash_service|
|
137
|
+
unless hash_service['logout'].blank?
|
138
|
+
sp_sso.add_element "md:SingleLogoutService", {
|
139
|
+
"Binding" => hash_service['logout']['binding'] || "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
|
140
|
+
"Location" => hash_service['logout']['location']
|
141
|
+
}
|
142
|
+
end
|
143
|
+
}
|
144
|
+
end
|
145
|
+
|
122
146
|
name_identifier_formats = settings.name_identifier_format
|
123
147
|
if name_identifier_formats != nil
|
124
148
|
name_id = []
|
@@ -165,47 +189,30 @@ module Spid
|
|
165
189
|
"xml:lang" => "it"
|
166
190
|
}
|
167
191
|
service_name.text = hash_service['testo']
|
168
|
-
hash_service['
|
169
|
-
attr_cons_service.add_element "md:
|
170
|
-
|
192
|
+
unless hash_service['description'].blank?
|
193
|
+
service_description = attr_cons_service.add_element "md:ServiceDescription", {
|
194
|
+
"xml:lang" => "it"
|
171
195
|
}
|
172
|
-
|
196
|
+
service_description.text = hash_service['description']
|
197
|
+
end
|
198
|
+
|
199
|
+
if hash_service['array_campi'].is_a?(Array)
|
200
|
+
hash_service['array_campi'].each_with_index{ |attribute, index|
|
201
|
+
attr_cons_service.add_element "md:RequestedAttribute", {
|
202
|
+
"Name" => attribute
|
203
|
+
}
|
204
|
+
}
|
205
|
+
else #hash
|
206
|
+
hash_service['array_campi'].each_pair{ |attribute, name_format|
|
207
|
+
attr_cons_service.add_element "md:RequestedAttribute", {
|
208
|
+
"Name" => attribute,
|
209
|
+
"NameFormat" => name_format
|
210
|
+
}
|
211
|
+
}
|
212
|
+
end
|
173
213
|
}
|
174
214
|
|
175
215
|
|
176
|
-
|
177
|
-
|
178
|
-
#Per EIDAS
|
179
|
-
# #AttributeConsumingService
|
180
|
-
# attr_cons_service = sp_sso.add_element "md:AttributeConsumingService", {
|
181
|
-
# "index" => "99",
|
182
|
-
# }
|
183
|
-
# service_name
|
184
|
-
# = attr_cons_service.add_element "md:ServiceName", {
|
185
|
-
# "xml:lang" => "it"
|
186
|
-
# }
|
187
|
-
# service_name.text = "eIDAS Natural Person Minimum Attribute Set"
|
188
|
-
# settings.requested_attribute.each_with_index{ |attribute, index|
|
189
|
-
# attr_cons_service.add_element "md:RequestedAttribute", {
|
190
|
-
# "Name" => attribute
|
191
|
-
# }
|
192
|
-
# }
|
193
|
-
|
194
|
-
# #AttributeConsumingService
|
195
|
-
# attr_cons_service = sp_sso.add_element "md:AttributeConsumingService", {
|
196
|
-
# "index" => "100",
|
197
|
-
# }
|
198
|
-
# service_name = attr_cons_service.add_element "md:ServiceName", {
|
199
|
-
# "xml:lang" => "it"
|
200
|
-
# }
|
201
|
-
# service_name.text = "eIDAS Natural Person Full Attribute Set"
|
202
|
-
# settings.requested_attribute.each_with_index{ |attribute, index|
|
203
|
-
# attr_cons_service.add_element "md:RequestedAttribute", {
|
204
|
-
# "Name" => attribute
|
205
|
-
# }
|
206
|
-
# }
|
207
|
-
|
208
|
-
|
209
216
|
end
|
210
217
|
#organization
|
211
218
|
organization = root.add_element "md:Organization"
|
@@ -216,12 +223,54 @@ module Spid
|
|
216
223
|
org_display_name = organization.add_element "md:OrganizationDisplayName", {
|
217
224
|
"xml:lang" => "it"
|
218
225
|
}
|
219
|
-
|
226
|
+
|
227
|
+
org_display_name.text = settings.organization['org_display_name']+(settings.aggregato ? " tramite #{settings.hash_aggregatore['soggetto_aggregatore']}" : '')
|
220
228
|
org_url = organization.add_element "md:OrganizationURL", {
|
221
229
|
"xml:lang" => "it"
|
222
230
|
}
|
223
231
|
org_url.text = settings.organization['org_url']
|
224
232
|
|
233
|
+
#ContactPerson per sp aggregato
|
234
|
+
if settings.aggregato
|
235
|
+
contact_person_aggregatore = root.add_element "md:ContactPerson", {
|
236
|
+
"contactType" => "other",
|
237
|
+
"spid:entityType" => "spid:aggregator"
|
238
|
+
}
|
239
|
+
company = contact_person_aggregatore.add_element "md:Company"
|
240
|
+
company.text = settings.hash_aggregatore['soggetto_aggregatore']
|
241
|
+
|
242
|
+
extensions_aggregatore = contact_person_aggregatore.add_element "md:Extensions"
|
243
|
+
vat_number_aggregatore = extensions_aggregatore.add_element "spid:VATNumber"
|
244
|
+
vat_number_aggregatore.text = settings.hash_aggregatore['piva_aggregatore']
|
245
|
+
|
246
|
+
ipa_code_aggregatore = extensions_aggregatore.add_element "spid:IPACode"
|
247
|
+
ipa_code_aggregatore.text = settings.hash_aggregatore['cipa_aggregatore']
|
248
|
+
|
249
|
+
fiscal_code_aggregatore = extensions_aggregatore.add_element "spid:FiscalCode"
|
250
|
+
fiscal_code_aggregatore.text = settings.hash_aggregatore['cf_aggregatore']
|
251
|
+
|
252
|
+
contact_person_aggregato = root.add_element "md:ContactPerson", {
|
253
|
+
"contactType" => "other",
|
254
|
+
"spid:entityType" => "spid:aggregated"
|
255
|
+
}
|
256
|
+
company = contact_person_aggregato.add_element "md:Company"
|
257
|
+
company.text = settings.organization['org_name']
|
258
|
+
|
259
|
+
extensions_aggregato = contact_person_aggregato.add_element "md:Extensions"
|
260
|
+
unless settings.hash_aggregatore['soggetto_aggregato']['vat_number'].blank?
|
261
|
+
vat_number_aggregato = extensions_aggregato.add_element "spid:VATNumber"
|
262
|
+
vat_number_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['vat_number']
|
263
|
+
end
|
264
|
+
unless settings.hash_aggregatore['soggetto_aggregato']['ipa_code'].blank?
|
265
|
+
ipa_code_aggregato = extensions_aggregato.add_element "spid:IPACode"
|
266
|
+
ipa_code_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['ipa_code']
|
267
|
+
end
|
268
|
+
unless settings.hash_aggregatore['soggetto_aggregato']['fiscal_code'].blank?
|
269
|
+
fiscal_code_aggregato = extensions_aggregato.add_element "spid:FiscalCode"
|
270
|
+
fiscal_code_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['fiscal_code']
|
271
|
+
end
|
272
|
+
end
|
273
|
+
|
225
274
|
#meta_doc << REXML::XMLDecl.new(version='1.0', encoding='UTF-8')
|
226
275
|
meta_doc << REXML::XMLDecl.new("1.0", "UTF-8")
|
227
276
|
|
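Review bot: `uuid = "_" + settings.issuer.hash` in the first hunk of metadata.rb raises TypeError on the new side, because `Object#hash` returns an Integer and `String#+` does not coerce it, so `generate` cannot complete (assuming `issuer` is a String, as its use for `entityID` suggests). Even with `.to_s` the goal in the comment above it (an ID that does not change between runs) is not met, since Ruby seeds `String#hash` per process and the value differs on every restart. A stable, NCName-safe derivation is a digest of the issuer, e.g. `uuid = "_" + Digest::SHA256.hexdigest(settings.issuer.to_s)` with `require 'digest'` at the top of the file. Separately, the `else #hash` branch in the third hunk calls `hash_service['array_campi'].each_pair` without checking the value is a Hash, so a missing key raises NoMethodError, and the `aggregato` block in the last hunk indexes `settings.hash_aggregatore['soggetto_aggregato'][...]` without checking that the inner hash exists; both should be guarded the way the Array case and the `blank?` checks already are.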
@@ -160,14 +160,19 @@ module Spid
|
|
160
160
|
return (soft ? false : validation_error("Issuer of the Assertion not found or multiple."))
|
161
161
|
end
|
162
162
|
|
163
|
-
|
163
|
+
issuer_response_nodes.each{ |iss|
|
164
|
+
#controllo: L'attributo Format di Issuer deve essere presente con il valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity
|
165
|
+
return (soft ? false : validation_error("Elemento Issuer non ha formato corretto ")) if !iss.attributes['Format'].nil? && iss.attributes['Format'] != 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
|
164
166
|
|
165
|
-
|
167
|
+
}
|
168
|
+
|
169
|
+
issuer_assertion_nodes.each{ |iss|
|
166
170
|
#controllo: L'attributo Format di Issuer deve essere presente con il valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity
|
167
171
|
return (soft ? false : validation_error("Elemento Issuer non ha formato corretto ")) if iss.attributes['Format'] != 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
|
168
172
|
|
169
173
|
}
|
170
174
|
|
175
|
+
nodes = issuer_response_nodes + issuer_assertion_nodes
|
171
176
|
|
172
177
|
nodes.map { |node| Utils.element_text(node) }.compact.uniq
|
173
178
|
end
|
@@ -175,7 +180,6 @@ module Spid
|
|
175
180
|
|
176
181
|
|
177
182
|
|
178
|
-
|
179
183
|
def response_to_id
|
180
184
|
node = REXML::XPath.first(document, "/p:Response", { "p" => PROTOCOL })
|
181
185
|
return node.attributes["InResponseTo"] unless node.blank?
|
@@ -264,6 +268,8 @@ module Spid
|
|
264
268
|
return false if validate_destination(soft) == false
|
265
269
|
#validazione status
|
266
270
|
return false if validate_status(soft) == false
|
271
|
+
#validazione inresponseto
|
272
|
+
return false if validate_presence_inresponseto(soft) == false
|
267
273
|
#validazione issuer
|
268
274
|
return false if validate_issuer(soft) == false
|
269
275
|
#validazioni varie su asserzioni
|
@@ -308,6 +314,11 @@ module Spid
|
|
308
314
|
end
|
309
315
|
end
|
310
316
|
|
317
|
+
def validate_presence_inresponseto(soft=true)
|
318
|
+
response_to_id_value = response_to_id
|
319
|
+
return (soft ? false : validation_error("InResponseTo non specificato o mancante")) if response_to_id_value.blank?
|
320
|
+
end
|
321
|
+
|
311
322
|
|
312
323
|
|
313
324
|
#validate status e status code
|
@@ -340,16 +351,16 @@ module Spid
|
|
340
351
|
end
|
341
352
|
|
342
353
|
def version_assertion(document)
|
343
|
-
|
344
|
-
|
345
|
-
|
346
|
-
|
347
|
-
|
348
|
-
|
349
|
-
|
350
|
-
|
351
|
-
|
352
|
-
|
354
|
+
assertion_nodes = xpath_from_signed_assertion()
|
355
|
+
@version_assertion = "2.0"
|
356
|
+
#ciclo sui nodi delle asserzioni, se uno ha una versione diversa da 2.0 ritorno nil
|
357
|
+
unless assertion_nodes.blank?
|
358
|
+
assertion_nodes.each{ |ass_node|
|
359
|
+
return nil if ass_node.attributes['Version'] != "2.0"
|
360
|
+
}
|
361
|
+
end
|
362
|
+
@version_assertion
|
363
|
+
end
|
353
364
|
|
354
365
|
def validate_version(soft = true)
|
355
366
|
unless version(self.document) == "2.0"
|
@@ -360,12 +371,12 @@ module Spid
|
|
360
371
|
end
|
361
372
|
|
362
373
|
def validate_version_assertion(soft = true)
|
363
|
-
|
364
|
-
|
365
|
-
|
366
|
-
|
367
|
-
|
368
|
-
|
374
|
+
unless version_assertion(self.document) == "2.0"
|
375
|
+
#return append_error("Unsupported SAML version")
|
376
|
+
return soft ? false : validation_error("Unsupported SAML Assertion version")
|
377
|
+
end
|
378
|
+
true
|
379
|
+
end
|
369
380
|
|
370
381
|
def validate_signed_elements(soft = true)
|
371
382
|
signature_nodes = REXML::XPath.match(decrypted_document.nil? ? document : decrypted_document,"//ds:Signature",{"ds"=>DSIG})
|
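Review bot: `version_assertion` in the hunk at +351 sets `@version_assertion = "2.0"` before inspecting any node, so when `xpath_from_signed_assertion()` returns nothing the method still reports "2.0" and `validate_version_assertion` passes a response that carries no signed assertion; unless another validator rejects that case, `return nil if assertion_nodes.blank?` would make the check self-contained. The `document` parameter of `version_assertion` is never read (the body uses `xpath_from_signed_assertion()`), so either use it or remove it together with the argument in `validate_version_assertion`. In the hunk at +314, `validate_presence_inresponseto` evaluates to `nil` when the ID is present while the sibling validators end with `true`; the caller's `== false` comparison tolerates this, but adding `true` as the last line keeps the validators uniform. Note also that the Response-level Issuer check in the first hunk accepts a missing Format attribute while the comment above it says the attribute must be present; if the leniency is intentional the comment should say so.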
@@ -10,7 +10,7 @@ module Spid
|
|
10
10
|
attr_accessor :name_identifier_value, :name_identifier_format
|
11
11
|
attr_accessor :sessionindex, :issuer, :destination_service_url, :authn_context, :requester_identificator
|
12
12
|
attr_accessor :single_logout_service_url, :single_logout_service_binding, :single_logout_destination
|
13
|
-
attr_accessor :skip_validation
|
13
|
+
attr_accessor :skip_validation, :aggregato, :hash_aggregatore
|
14
14
|
|
15
15
|
def initialize(config = {})
|
16
16
|
config.each do |k,v|
|
data/spid-es.gemspec
CHANGED
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
|
|
2
2
|
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
s.name = 'spid-es'
|
5
|
-
s.version = '0.0.
|
5
|
+
s.version = '0.0.25'
|
6
6
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
8
8
|
s.authors = ["Fabiano Pavan"]
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: spid-es
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.25
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Fabiano Pavan
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-07-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: canonix
|
@@ -73,7 +73,6 @@ extensions: []
|
|
73
73
|
extra_rdoc_files: []
|
74
74
|
files:
|
75
75
|
- ".document"
|
76
|
-
- ".travis.yml"
|
77
76
|
- Gemfile
|
78
77
|
- LICENSE
|
79
78
|
- README.md
|
@@ -141,8 +140,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
141
140
|
- !ruby/object:Gem::Version
|
142
141
|
version: '0'
|
143
142
|
requirements: []
|
144
|
-
|
145
|
-
rubygems_version: 2.2.2
|
143
|
+
rubygems_version: 3.0.8
|
146
144
|
signing_key:
|
147
145
|
specification_version: 4
|
148
146
|
summary: SAML Ruby Tookit Spid
|