spid-es 0.0.20 → 0.0.25
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/lib/spid/ruby-saml/metadata.rb +90 -41
- data/lib/spid/ruby-saml/response.rb +30 -19
- data/lib/spid/ruby-saml/settings.rb +1 -1
- data/spid-es.gemspec +1 -1
- metadata +3 -5
- data/.travis.yml +0 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 0df53e9cf72fafa24ceafecf84eeecaeac2ad41ae3fde626427db9015ba066c6
|
|
4
|
+
data.tar.gz: 4df05a87667e7e38f788c8a80852290020853a576b9fdd64408adb0e7d84af19
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c9443aeb32bbeb10038ba9acb6033617c9b2a0f2c5e759bddcb98d0252a41d19248776d2fb0fa2295f6572ecba6fc6eaeb6129ac564c86caed0b2aed929caa87
|
|
7
|
+
data.tar.gz: 1ae7d5cec32f6b0a8007c0c27bec008dec9d27c4f4fdd0e20c8d88922ebe32918eedae9260a377da55a304d7380b8073ca730ba4b3d9108c2bbf144f0e87b56a
|
|
@@ -31,14 +31,26 @@ module Spid
|
|
|
31
31
|
def generate(settings)
|
|
32
32
|
#meta_doc = REXML::Document.new
|
|
33
33
|
meta_doc = Spid::XMLSecurityNew::Document.new
|
|
34
|
-
|
|
34
|
+
if settings.aggregato
|
|
35
|
+
root = meta_doc.add_element "md:EntityDescriptor", {
|
|
36
|
+
"xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata",
|
|
37
|
+
"xmlns:xml" => "http://www.w3.org/XML/1998/namespace",
|
|
38
|
+
"xmlns:spid" => "https://spid.gov.it/saml-extensions",
|
|
39
|
+
}
|
|
40
|
+
else
|
|
41
|
+
root = meta_doc.add_element "md:EntityDescriptor", {
|
|
35
42
|
"xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata",
|
|
36
43
|
"xmlns:xml" => "http://www.w3.org/XML/1998/namespace"
|
|
37
|
-
|
|
44
|
+
}
|
|
45
|
+
end
|
|
46
|
+
|
|
38
47
|
if settings.issuer != nil
|
|
39
48
|
root.attributes["entityID"] = settings.issuer
|
|
40
49
|
end
|
|
41
|
-
|
|
50
|
+
#Tolto per non far cambiare sempre il metadata
|
|
51
|
+
#uuid = "_" + UUID.new.generate
|
|
52
|
+
#genero l'id come hash dell'entityID
|
|
53
|
+
uuid = "_" + settings.issuer.hash
|
|
42
54
|
self.uuid = uuid
|
|
43
55
|
root.attributes["ID"] = uuid
|
|
44
56
|
|
|
@@ -119,6 +131,18 @@ module Spid
|
|
|
119
131
|
}
|
|
120
132
|
end
|
|
121
133
|
|
|
134
|
+
#Logout dei servizi esterni
|
|
135
|
+
unless settings.hash_assertion_consumer.blank?
|
|
136
|
+
settings.hash_assertion_consumer.each_pair{ |index, hash_service|
|
|
137
|
+
unless hash_service['logout'].blank?
|
|
138
|
+
sp_sso.add_element "md:SingleLogoutService", {
|
|
139
|
+
"Binding" => hash_service['logout']['binding'] || "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
|
|
140
|
+
"Location" => hash_service['logout']['location']
|
|
141
|
+
}
|
|
142
|
+
end
|
|
143
|
+
}
|
|
144
|
+
end
|
|
145
|
+
|
|
122
146
|
name_identifier_formats = settings.name_identifier_format
|
|
123
147
|
if name_identifier_formats != nil
|
|
124
148
|
name_id = []
|
|
@@ -165,47 +189,30 @@ module Spid
|
|
|
165
189
|
"xml:lang" => "it"
|
|
166
190
|
}
|
|
167
191
|
service_name.text = hash_service['testo']
|
|
168
|
-
hash_service['
|
|
169
|
-
attr_cons_service.add_element "md:
|
|
170
|
-
|
|
192
|
+
unless hash_service['description'].blank?
|
|
193
|
+
service_description = attr_cons_service.add_element "md:ServiceDescription", {
|
|
194
|
+
"xml:lang" => "it"
|
|
171
195
|
}
|
|
172
|
-
|
|
196
|
+
service_description.text = hash_service['description']
|
|
197
|
+
end
|
|
198
|
+
|
|
199
|
+
if hash_service['array_campi'].is_a?(Array)
|
|
200
|
+
hash_service['array_campi'].each_with_index{ |attribute, index|
|
|
201
|
+
attr_cons_service.add_element "md:RequestedAttribute", {
|
|
202
|
+
"Name" => attribute
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
else #hash
|
|
206
|
+
hash_service['array_campi'].each_pair{ |attribute, name_format|
|
|
207
|
+
attr_cons_service.add_element "md:RequestedAttribute", {
|
|
208
|
+
"Name" => attribute,
|
|
209
|
+
"NameFormat" => name_format
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
end
|
|
173
213
|
}
|
|
174
214
|
|
|
175
215
|
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
#Per EIDAS
|
|
179
|
-
# #AttributeConsumingService
|
|
180
|
-
# attr_cons_service = sp_sso.add_element "md:AttributeConsumingService", {
|
|
181
|
-
# "index" => "99",
|
|
182
|
-
# }
|
|
183
|
-
# service_name
|
|
184
|
-
# = attr_cons_service.add_element "md:ServiceName", {
|
|
185
|
-
# "xml:lang" => "it"
|
|
186
|
-
# }
|
|
187
|
-
# service_name.text = "eIDAS Natural Person Minimum Attribute Set"
|
|
188
|
-
# settings.requested_attribute.each_with_index{ |attribute, index|
|
|
189
|
-
# attr_cons_service.add_element "md:RequestedAttribute", {
|
|
190
|
-
# "Name" => attribute
|
|
191
|
-
# }
|
|
192
|
-
# }
|
|
193
|
-
|
|
194
|
-
# #AttributeConsumingService
|
|
195
|
-
# attr_cons_service = sp_sso.add_element "md:AttributeConsumingService", {
|
|
196
|
-
# "index" => "100",
|
|
197
|
-
# }
|
|
198
|
-
# service_name = attr_cons_service.add_element "md:ServiceName", {
|
|
199
|
-
# "xml:lang" => "it"
|
|
200
|
-
# }
|
|
201
|
-
# service_name.text = "eIDAS Natural Person Full Attribute Set"
|
|
202
|
-
# settings.requested_attribute.each_with_index{ |attribute, index|
|
|
203
|
-
# attr_cons_service.add_element "md:RequestedAttribute", {
|
|
204
|
-
# "Name" => attribute
|
|
205
|
-
# }
|
|
206
|
-
# }
|
|
207
|
-
|
|
208
|
-
|
|
209
216
|
end
|
|
210
217
|
#organization
|
|
211
218
|
organization = root.add_element "md:Organization"
|
|
@@ -216,12 +223,54 @@ module Spid
|
|
|
216
223
|
org_display_name = organization.add_element "md:OrganizationDisplayName", {
|
|
217
224
|
"xml:lang" => "it"
|
|
218
225
|
}
|
|
219
|
-
|
|
226
|
+
|
|
227
|
+
org_display_name.text = settings.organization['org_display_name']+(settings.aggregato ? " tramite #{settings.hash_aggregatore['soggetto_aggregatore']}" : '')
|
|
220
228
|
org_url = organization.add_element "md:OrganizationURL", {
|
|
221
229
|
"xml:lang" => "it"
|
|
222
230
|
}
|
|
223
231
|
org_url.text = settings.organization['org_url']
|
|
224
232
|
|
|
233
|
+
#ContactPerson per sp aggregato
|
|
234
|
+
if settings.aggregato
|
|
235
|
+
contact_person_aggregatore = root.add_element "md:ContactPerson", {
|
|
236
|
+
"contactType" => "other",
|
|
237
|
+
"spid:entityType" => "spid:aggregator"
|
|
238
|
+
}
|
|
239
|
+
company = contact_person_aggregatore.add_element "md:Company"
|
|
240
|
+
company.text = settings.hash_aggregatore['soggetto_aggregatore']
|
|
241
|
+
|
|
242
|
+
extensions_aggregatore = contact_person_aggregatore.add_element "md:Extensions"
|
|
243
|
+
vat_number_aggregatore = extensions_aggregatore.add_element "spid:VATNumber"
|
|
244
|
+
vat_number_aggregatore.text = settings.hash_aggregatore['piva_aggregatore']
|
|
245
|
+
|
|
246
|
+
ipa_code_aggregatore = extensions_aggregatore.add_element "spid:IPACode"
|
|
247
|
+
ipa_code_aggregatore.text = settings.hash_aggregatore['cipa_aggregatore']
|
|
248
|
+
|
|
249
|
+
fiscal_code_aggregatore = extensions_aggregatore.add_element "spid:FiscalCode"
|
|
250
|
+
fiscal_code_aggregatore.text = settings.hash_aggregatore['cf_aggregatore']
|
|
251
|
+
|
|
252
|
+
contact_person_aggregato = root.add_element "md:ContactPerson", {
|
|
253
|
+
"contactType" => "other",
|
|
254
|
+
"spid:entityType" => "spid:aggregated"
|
|
255
|
+
}
|
|
256
|
+
company = contact_person_aggregato.add_element "md:Company"
|
|
257
|
+
company.text = settings.organization['org_name']
|
|
258
|
+
|
|
259
|
+
extensions_aggregato = contact_person_aggregato.add_element "md:Extensions"
|
|
260
|
+
unless settings.hash_aggregatore['soggetto_aggregato']['vat_number'].blank?
|
|
261
|
+
vat_number_aggregato = extensions_aggregato.add_element "spid:VATNumber"
|
|
262
|
+
vat_number_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['vat_number']
|
|
263
|
+
end
|
|
264
|
+
unless settings.hash_aggregatore['soggetto_aggregato']['ipa_code'].blank?
|
|
265
|
+
ipa_code_aggregato = extensions_aggregato.add_element "spid:IPACode"
|
|
266
|
+
ipa_code_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['ipa_code']
|
|
267
|
+
end
|
|
268
|
+
unless settings.hash_aggregatore['soggetto_aggregato']['fiscal_code'].blank?
|
|
269
|
+
fiscal_code_aggregato = extensions_aggregato.add_element "spid:FiscalCode"
|
|
270
|
+
fiscal_code_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['fiscal_code']
|
|
271
|
+
end
|
|
272
|
+
end
|
|
273
|
+
|
|
225
274
|
#meta_doc << REXML::XMLDecl.new(version='1.0', encoding='UTF-8')
|
|
226
275
|
meta_doc << REXML::XMLDecl.new("1.0", "UTF-8")
|
|
227
276
|
|
|
@@ -160,14 +160,19 @@ module Spid
|
|
|
160
160
|
return (soft ? false : validation_error("Issuer of the Assertion not found or multiple."))
|
|
161
161
|
end
|
|
162
162
|
|
|
163
|
-
|
|
163
|
+
issuer_response_nodes.each{ |iss|
|
|
164
|
+
#controllo: L'attributo Format di Issuer deve essere presente con il valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity
|
|
165
|
+
return (soft ? false : validation_error("Elemento Issuer non ha formato corretto ")) if !iss.attributes['Format'].nil? && iss.attributes['Format'] != 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
|
|
164
166
|
|
|
165
|
-
|
|
167
|
+
}
|
|
168
|
+
|
|
169
|
+
issuer_assertion_nodes.each{ |iss|
|
|
166
170
|
#controllo: L'attributo Format di Issuer deve essere presente con il valore urn:oasis:names:tc:SAML:2.0:nameid-format:entity
|
|
167
171
|
return (soft ? false : validation_error("Elemento Issuer non ha formato corretto ")) if iss.attributes['Format'] != 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
|
|
168
172
|
|
|
169
173
|
}
|
|
170
174
|
|
|
175
|
+
nodes = issuer_response_nodes + issuer_assertion_nodes
|
|
171
176
|
|
|
172
177
|
nodes.map { |node| Utils.element_text(node) }.compact.uniq
|
|
173
178
|
end
|
|
@@ -175,7 +180,6 @@ module Spid
|
|
|
175
180
|
|
|
176
181
|
|
|
177
182
|
|
|
178
|
-
|
|
179
183
|
def response_to_id
|
|
180
184
|
node = REXML::XPath.first(document, "/p:Response", { "p" => PROTOCOL })
|
|
181
185
|
return node.attributes["InResponseTo"] unless node.blank?
|
|
@@ -264,6 +268,8 @@ module Spid
|
|
|
264
268
|
return false if validate_destination(soft) == false
|
|
265
269
|
#validazione status
|
|
266
270
|
return false if validate_status(soft) == false
|
|
271
|
+
#validazione inresponseto
|
|
272
|
+
return false if validate_presence_inresponseto(soft) == false
|
|
267
273
|
#validazione issuer
|
|
268
274
|
return false if validate_issuer(soft) == false
|
|
269
275
|
#validazioni varie su asserzioni
|
|
@@ -308,6 +314,11 @@ module Spid
|
|
|
308
314
|
end
|
|
309
315
|
end
|
|
310
316
|
|
|
317
|
+
def validate_presence_inresponseto(soft=true)
|
|
318
|
+
response_to_id_value = response_to_id
|
|
319
|
+
return (soft ? false : validation_error("InResponseTo non specificato o mancante")) if response_to_id_value.blank?
|
|
320
|
+
end
|
|
321
|
+
|
|
311
322
|
|
|
312
323
|
|
|
313
324
|
#validate status e status code
|
|
@@ -340,16 +351,16 @@ module Spid
|
|
|
340
351
|
end
|
|
341
352
|
|
|
342
353
|
def version_assertion(document)
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
354
|
+
assertion_nodes = xpath_from_signed_assertion()
|
|
355
|
+
@version_assertion = "2.0"
|
|
356
|
+
#ciclo sui nodi delle asserzioni, se uno ha una versione diversa da 2.0 ritorno nil
|
|
357
|
+
unless assertion_nodes.blank?
|
|
358
|
+
assertion_nodes.each{ |ass_node|
|
|
359
|
+
return nil if ass_node.attributes['Version'] != "2.0"
|
|
360
|
+
}
|
|
361
|
+
end
|
|
362
|
+
@version_assertion
|
|
363
|
+
end
|
|
353
364
|
|
|
354
365
|
def validate_version(soft = true)
|
|
355
366
|
unless version(self.document) == "2.0"
|
|
@@ -360,12 +371,12 @@ module Spid
|
|
|
360
371
|
end
|
|
361
372
|
|
|
362
373
|
def validate_version_assertion(soft = true)
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
|
|
374
|
+
unless version_assertion(self.document) == "2.0"
|
|
375
|
+
#return append_error("Unsupported SAML version")
|
|
376
|
+
return soft ? false : validation_error("Unsupported SAML Assertion version")
|
|
377
|
+
end
|
|
378
|
+
true
|
|
379
|
+
end
|
|
369
380
|
|
|
370
381
|
def validate_signed_elements(soft = true)
|
|
371
382
|
signature_nodes = REXML::XPath.match(decrypted_document.nil? ? document : decrypted_document,"//ds:Signature",{"ds"=>DSIG})
|
|
@@ -10,7 +10,7 @@ module Spid
|
|
|
10
10
|
attr_accessor :name_identifier_value, :name_identifier_format
|
|
11
11
|
attr_accessor :sessionindex, :issuer, :destination_service_url, :authn_context, :requester_identificator
|
|
12
12
|
attr_accessor :single_logout_service_url, :single_logout_service_binding, :single_logout_destination
|
|
13
|
-
attr_accessor :skip_validation
|
|
13
|
+
attr_accessor :skip_validation, :aggregato, :hash_aggregatore
|
|
14
14
|
|
|
15
15
|
def initialize(config = {})
|
|
16
16
|
config.each do |k,v|
|
data/spid-es.gemspec
CHANGED
|
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |s|
|
|
4
4
|
s.name = 'spid-es'
|
|
5
|
-
s.version = '0.0.
|
|
5
|
+
s.version = '0.0.25'
|
|
6
6
|
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
8
8
|
s.authors = ["Fabiano Pavan"]
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spid-es
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.25
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Fabiano Pavan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-07-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: canonix
|
|
@@ -73,7 +73,6 @@ extensions: []
|
|
|
73
73
|
extra_rdoc_files: []
|
|
74
74
|
files:
|
|
75
75
|
- ".document"
|
|
76
|
-
- ".travis.yml"
|
|
77
76
|
- Gemfile
|
|
78
77
|
- LICENSE
|
|
79
78
|
- README.md
|
|
@@ -141,8 +140,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
141
140
|
- !ruby/object:Gem::Version
|
|
142
141
|
version: '0'
|
|
143
142
|
requirements: []
|
|
144
|
-
|
|
145
|
-
rubygems_version: 2.2.2
|
|
143
|
+
rubygems_version: 3.0.8
|
|
146
144
|
signing_key:
|
|
147
145
|
specification_version: 4
|
|
148
146
|
summary: SAML Ruby Tookit Spid
|