spid-es 0.0.20 → 0.0.25

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 2caedfbd88265d92cfa6adc54328ec47b57fd0f2
-  data.tar.gz: 3c2598da343c443c0b09f9ef0dfcd7cf4e0fc376
+SHA256:
+  metadata.gz: 0df53e9cf72fafa24ceafecf84eeecaeac2ad41ae3fde626427db9015ba066c6
+  data.tar.gz: 4df05a87667e7e38f788c8a80852290020853a576b9fdd64408adb0e7d84af19
 SHA512:
-  metadata.gz: aa9c67a4667aaaa532215ab7c89dacad4fed11b13cbef4e9304eca85ac6cfe0b019e0d1e273b7920565224d8730351e85c3bf7d910dd6b64a628c0cccca6abc3
-  data.tar.gz: 61c9e4351f6a108d1bfffd5f3978d4ec2ee3231b531e8be835bde36459892383e6ac3c588842e695a76d19a2e352ab9295f80a35fe31433a5f0ea43e1cbc4782
+  metadata.gz: c9443aeb32bbeb10038ba9acb6033617c9b2a0f2c5e759bddcb98d0252a41d19248776d2fb0fa2295f6572ecba6fc6eaeb6129ac564c86caed0b2aed929caa87
+  data.tar.gz: 1ae7d5cec32f6b0a8007c0c27bec008dec9d27c4f4fdd0e20c8d88922ebe32918eedae9260a377da55a304d7380b8073ca730ba4b3d9108c2bbf144f0e87b56a

data/lib/spid/ruby-saml/metadata.rb

@@ -31,14 +31,26 @@ module Spid
       def generate(settings)
         #meta_doc = REXML::Document.new
         meta_doc = Spid::XMLSecurityNew::Document.new
-        root = meta_doc.add_element "md:EntityDescriptor", { 
+        if settings.aggregato
+          root = meta_doc.add_element "md:EntityDescriptor", { 
+            "xmlns:md"        => "urn:oasis:names:tc:SAML:2.0:metadata",
+            "xmlns:xml"       => "http://www.w3.org/XML/1998/namespace",
+            "xmlns:spid"        => "https://spid.gov.it/saml-extensions",
+          }
+        else
+          root = meta_doc.add_element "md:EntityDescriptor", { 
             "xmlns:md"        => "urn:oasis:names:tc:SAML:2.0:metadata",
             "xmlns:xml"       => "http://www.w3.org/XML/1998/namespace"
-        }
+          }
+        end
+        
         if settings.issuer != nil
           root.attributes["entityID"] = settings.issuer
         end
-        uuid = "_" + UUID.new.generate
+        #Tolto per non far cambiare sempre il metadata
+        #uuid = "_" + UUID.new.generate
+        #genero l'id come hash dell'entityID
+        uuid = "_" + settings.issuer.hash
         self.uuid = uuid
         root.attributes["ID"] = uuid
 
@@ -119,6 +131,18 @@ module Spid
           }
         end
 
+        #Logout dei servizi esterni
+        unless settings.hash_assertion_consumer.blank?
+          settings.hash_assertion_consumer.each_pair{ |index, hash_service|
+            unless hash_service['logout'].blank?
+              sp_sso.add_element "md:SingleLogoutService", {
+                "Binding" => hash_service['logout']['binding'] || "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
+                "Location" => hash_service['logout']['location']
+              }
+            end
+          }
+        end
+
         name_identifier_formats = settings.name_identifier_format
         if name_identifier_formats != nil
           name_id = []
@@ -165,47 +189,30 @@ module Spid
                     "xml:lang" => "it"
               }
               service_name.text = hash_service['testo']
-              hash_service['array_campi'].each_with_index{ |attribute, index|
-                attr_cons_service.add_element "md:RequestedAttribute", {
-                    "Name" => attribute
+              unless hash_service['description'].blank?
+                service_description = attr_cons_service.add_element "md:ServiceDescription", {
+                  "xml:lang" => "it"
                 }
-              }
+                service_description.text = hash_service['description']
+              end
+              
+              if hash_service['array_campi'].is_a?(Array)
+                hash_service['array_campi'].each_with_index{ |attribute, index|
+                  attr_cons_service.add_element "md:RequestedAttribute", {
+                      "Name" => attribute
+                  }
+                }
+              else #hash
+                hash_service['array_campi'].each_pair{ |attribute, name_format|
+                  attr_cons_service.add_element "md:RequestedAttribute", {
+                      "Name" => attribute,
+                      "NameFormat" => name_format
+                  }
+                }
+              end
             }
 
 
-
-
-            #Per EIDAS
-            # #AttributeConsumingService
-            # attr_cons_service = sp_sso.add_element "md:AttributeConsumingService", {
-            #     "index" => "99",
-            # }
-            # service_name 
-            # = attr_cons_service.add_element "md:ServiceName", {
-            #       "xml:lang" => "it"
-            # }
-            # service_name.text = "eIDAS Natural Person Minimum Attribute Set"
-            # settings.requested_attribute.each_with_index{ |attribute, index|
-            #   attr_cons_service.add_element "md:RequestedAttribute", {
-            #       "Name" => attribute
-            #   }
-            # }
-
-            # #AttributeConsumingService
-            # attr_cons_service = sp_sso.add_element "md:AttributeConsumingService", {
-            #   "index" => "100",
-            # }
-            # service_name = attr_cons_service.add_element "md:ServiceName", {
-            #       "xml:lang" => "it"
-            # }
-            # service_name.text = "eIDAS Natural Person Full Attribute Set"
-            # settings.requested_attribute.each_with_index{ |attribute, index|
-            #   attr_cons_service.add_element "md:RequestedAttribute", {
-            #       "Name" => attribute
-            #   }
-            # }
-
-
         end
         #organization
         organization = root.add_element "md:Organization"
@@ -216,12 +223,54 @@ module Spid
         org_display_name = organization.add_element "md:OrganizationDisplayName", {
             "xml:lang" => "it"
         }
-        org_display_name.text = settings.organization['org_display_name']
+    
+        org_display_name.text = settings.organization['org_display_name']+(settings.aggregato ? " tramite #{settings.hash_aggregatore['soggetto_aggregatore']}" : '')
         org_url = organization.add_element "md:OrganizationURL", {
             "xml:lang" => "it"
         }
         org_url.text = settings.organization['org_url']
 
+        #ContactPerson per sp aggregato
+        if settings.aggregato
+          contact_person_aggregatore = root.add_element "md:ContactPerson", {
+            "contactType" => "other",
+            "spid:entityType" => "spid:aggregator"
+          }
+          company = contact_person_aggregatore.add_element "md:Company"
+          company.text = settings.hash_aggregatore['soggetto_aggregatore']
+
+          extensions_aggregatore = contact_person_aggregatore.add_element "md:Extensions"
+          vat_number_aggregatore = extensions_aggregatore.add_element "spid:VATNumber"
+          vat_number_aggregatore.text = settings.hash_aggregatore['piva_aggregatore']
+          
+          ipa_code_aggregatore = extensions_aggregatore.add_element "spid:IPACode"
+          ipa_code_aggregatore.text = settings.hash_aggregatore['cipa_aggregatore']
+
+          fiscal_code_aggregatore = extensions_aggregatore.add_element "spid:FiscalCode"
+          fiscal_code_aggregatore.text = settings.hash_aggregatore['cf_aggregatore']
+
+          contact_person_aggregato = root.add_element "md:ContactPerson", {
+            "contactType" => "other",
+            "spid:entityType" => "spid:aggregated"
+          }
+          company = contact_person_aggregato.add_element "md:Company"
+          company.text = settings.organization['org_name']
+
+          extensions_aggregato = contact_person_aggregato.add_element "md:Extensions"
+          unless settings.hash_aggregatore['soggetto_aggregato']['vat_number'].blank?
+            vat_number_aggregato = extensions_aggregato.add_element "spid:VATNumber"
+            vat_number_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['vat_number']
+          end
+          unless settings.hash_aggregatore['soggetto_aggregato']['ipa_code'].blank?
+            ipa_code_aggregato = extensions_aggregato.add_element "spid:IPACode" 
+            ipa_code_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['ipa_code']
+          end
+          unless settings.hash_aggregatore['soggetto_aggregato']['fiscal_code'].blank?
+            fiscal_code_aggregato = extensions_aggregato.add_element "spid:FiscalCode" 
+            fiscal_code_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['fiscal_code']
+          end
+        end
+
         #meta_doc << REXML::XMLDecl.new(version='1.0', encoding='UTF-8')
         meta_doc << REXML::XMLDecl.new("1.0", "UTF-8")
 

data/lib/spid/ruby-saml/response.rb

@@ -160,14 +160,19 @@ module Spid
               return (soft ? false : validation_error("Issuer of the Assertion not found or multiple."))
             end
 
-            nodes = issuer_response_nodes + issuer_assertion_nodes
+            issuer_response_nodes.each{ |iss|
+              #controllo: L'attributo Format di Issuer deve essere presente con il valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity
+              return (soft ? false : validation_error("Elemento Issuer non ha formato corretto ")) if !iss.attributes['Format'].nil? && iss.attributes['Format'] != 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
 
-            nodes.each{ |iss|
+            }
+
+            issuer_assertion_nodes.each{ |iss|
               #controllo: L'attributo Format di Issuer deve essere presente con il valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity
               return (soft ? false : validation_error("Elemento Issuer non ha formato corretto ")) if iss.attributes['Format'] != 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
 
             }
 
+            nodes = issuer_response_nodes + issuer_assertion_nodes
 
             nodes.map { |node| Utils.element_text(node) }.compact.uniq
           end
@@ -175,7 +180,6 @@ module Spid
 
 
 
-
         def response_to_id
           node = REXML::XPath.first(document, "/p:Response", { "p" => PROTOCOL })
           return  node.attributes["InResponseTo"] unless node.blank?
@@ -264,6 +268,8 @@ module Spid
             return false if validate_destination(soft) == false
             #validazione status
             return false if validate_status(soft) == false
+            #validazione inresponseto
+            return false if validate_presence_inresponseto(soft) == false
             #validazione issuer
             return false if validate_issuer(soft) == false
             #validazioni varie su asserzioni
@@ -308,6 +314,11 @@ module Spid
           end
         end
 
+        def validate_presence_inresponseto(soft=true)
+          response_to_id_value = response_to_id
+          return (soft ? false : validation_error("InResponseTo non specificato o mancante")) if response_to_id_value.blank?
+        end
+
 
 
         #validate status e status code
@@ -340,16 +351,16 @@ module Spid
         end
 
         def version_assertion(document)
-          assertion_nodes = xpath_from_signed_assertion()
-          @version_assertion = "2.0"
-          #ciclo sui nodi delle asserzioni, se uno ha una versione diversa da 2.0 ritorno nil
-          unless assertion_nodes.blank?
-            assertion_nodes.each{ |ass_node|
-              return nil if ass_node.attributes['Version'] != "2.0"
-            }
-          end
-          @version_assertion 
-      end
+            assertion_nodes = xpath_from_signed_assertion()
+            @version_assertion = "2.0"
+            #ciclo sui nodi delle asserzioni, se uno ha una versione diversa da 2.0 ritorno nil
+            unless assertion_nodes.blank?
+              assertion_nodes.each{ |ass_node|
+                return nil if ass_node.attributes['Version'] != "2.0"
+              }
+            end
+            @version_assertion 
+        end
 
         def validate_version(soft = true)
             unless version(self.document) == "2.0"
@@ -360,12 +371,12 @@ module Spid
         end
 
         def validate_version_assertion(soft = true)
-          unless version_assertion(self.document) == "2.0"
-            #return append_error("Unsupported SAML version")
-            return soft ? false : validation_error("Unsupported SAML Assertion version")
-          end
-          true
-      end
+            unless version_assertion(self.document) == "2.0"
+              #return append_error("Unsupported SAML version")
+              return soft ? false : validation_error("Unsupported SAML Assertion version")
+            end
+            true
+        end
 
         def validate_signed_elements(soft = true)
             signature_nodes = REXML::XPath.match(decrypted_document.nil? ? document : decrypted_document,"//ds:Signature",{"ds"=>DSIG})

data/lib/spid/ruby-saml/settings.rb

@@ -10,7 +10,7 @@ module Spid
       attr_accessor :name_identifier_value, :name_identifier_format
       attr_accessor :sessionindex, :issuer, :destination_service_url, :authn_context, :requester_identificator
       attr_accessor :single_logout_service_url, :single_logout_service_binding, :single_logout_destination
-      attr_accessor :skip_validation
+      attr_accessor :skip_validation, :aggregato, :hash_aggregatore
     
       def initialize(config = {})
         config.each do |k,v|

data/spid-es.gemspec

@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 
 Gem::Specification.new do |s|
   s.name = 'spid-es'
-  s.version = '0.0.20'
+  s.version = '0.0.25'
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Fabiano Pavan"]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spid-es
 version: !ruby/object:Gem::Version
-  version: 0.0.20
+  version: 0.0.25
 platform: ruby
 authors:
 - Fabiano Pavan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-10-15 00:00:00.000000000 Z
+date: 2020-07-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: canonix
@@ -73,7 +73,6 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".document"
-- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -141,8 +140,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 3.0.8
 signing_key: 
 specification_version: 4
 summary: SAML Ruby Tookit Spid

data/.travis.yml

@@ -1,5 +0,0 @@
-language: ruby
-rvm:
-  - 1.8.7
-  - 1.9.3
-  - ree