spid-es 0.0.21 → 0.0.26
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/lib/spid/ruby-saml/metadata.rb +90 -41
- data/lib/spid/ruby-saml/response.rb +23 -16
- data/lib/spid/ruby-saml/settings.rb +1 -1
- data/spid-es.gemspec +1 -1
- metadata +3 -5
- data/.travis.yml +0 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 22bca7fc7ffffb1f963e39275f6026c15d41ef5b86de646a1b88fc812afeefa0
|
|
4
|
+
data.tar.gz: 2b633c95a520a05e7dbcc64adba2137fd1bfaaf781d5236e9bcf391095aa3aac
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b0b0dd8e38e3ef358a148de182d9d38a5aa6332da952815c6a92dec1f93d54948271a8eb096ac56cbbec0f856ae3cb00e4dffcdc3094c819140e58a5714ab003
|
|
7
|
+
data.tar.gz: '006628db995c81787c38d3b4dd0d46f545287125aca2ab770a68383caffec515e32e6bdb3a6d52a7bb684cbbd10ee0355535bbc7a5e8c83449dcf69d3e15b4b0'
|
|
@@ -31,14 +31,26 @@ module Spid
|
|
|
31
31
|
def generate(settings)
|
|
32
32
|
#meta_doc = REXML::Document.new
|
|
33
33
|
meta_doc = Spid::XMLSecurityNew::Document.new
|
|
34
|
-
|
|
34
|
+
if settings.aggregato
|
|
35
|
+
root = meta_doc.add_element "md:EntityDescriptor", {
|
|
36
|
+
"xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata",
|
|
37
|
+
"xmlns:xml" => "http://www.w3.org/XML/1998/namespace",
|
|
38
|
+
"xmlns:spid" => "https://spid.gov.it/saml-extensions",
|
|
39
|
+
}
|
|
40
|
+
else
|
|
41
|
+
root = meta_doc.add_element "md:EntityDescriptor", {
|
|
35
42
|
"xmlns:md" => "urn:oasis:names:tc:SAML:2.0:metadata",
|
|
36
43
|
"xmlns:xml" => "http://www.w3.org/XML/1998/namespace"
|
|
37
|
-
|
|
44
|
+
}
|
|
45
|
+
end
|
|
46
|
+
|
|
38
47
|
if settings.issuer != nil
|
|
39
48
|
root.attributes["entityID"] = settings.issuer
|
|
40
49
|
end
|
|
41
|
-
|
|
50
|
+
#Tolto per non far cambiare sempre il metadata
|
|
51
|
+
#uuid = "_" + UUID.new.generate
|
|
52
|
+
#genero l'id come hash dell'entityID
|
|
53
|
+
uuid = "_" + settings.issuer.hash.to_s
|
|
42
54
|
self.uuid = uuid
|
|
43
55
|
root.attributes["ID"] = uuid
|
|
44
56
|
|
|
@@ -119,6 +131,18 @@ module Spid
|
|
|
119
131
|
}
|
|
120
132
|
end
|
|
121
133
|
|
|
134
|
+
#Logout dei servizi esterni
|
|
135
|
+
unless settings.hash_assertion_consumer.blank?
|
|
136
|
+
settings.hash_assertion_consumer.each_pair{ |index, hash_service|
|
|
137
|
+
unless hash_service['logout'].blank?
|
|
138
|
+
sp_sso.add_element "md:SingleLogoutService", {
|
|
139
|
+
"Binding" => hash_service['logout']['binding'] || "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
|
|
140
|
+
"Location" => hash_service['logout']['location']
|
|
141
|
+
}
|
|
142
|
+
end
|
|
143
|
+
}
|
|
144
|
+
end
|
|
145
|
+
|
|
122
146
|
name_identifier_formats = settings.name_identifier_format
|
|
123
147
|
if name_identifier_formats != nil
|
|
124
148
|
name_id = []
|
|
@@ -165,47 +189,30 @@ module Spid
|
|
|
165
189
|
"xml:lang" => "it"
|
|
166
190
|
}
|
|
167
191
|
service_name.text = hash_service['testo']
|
|
168
|
-
hash_service['
|
|
169
|
-
attr_cons_service.add_element "md:
|
|
170
|
-
|
|
192
|
+
unless hash_service['description'].blank?
|
|
193
|
+
service_description = attr_cons_service.add_element "md:ServiceDescription", {
|
|
194
|
+
"xml:lang" => "it"
|
|
171
195
|
}
|
|
172
|
-
|
|
196
|
+
service_description.text = hash_service['description']
|
|
197
|
+
end
|
|
198
|
+
|
|
199
|
+
if hash_service['array_campi'].is_a?(Array)
|
|
200
|
+
hash_service['array_campi'].each_with_index{ |attribute, index|
|
|
201
|
+
attr_cons_service.add_element "md:RequestedAttribute", {
|
|
202
|
+
"Name" => attribute
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
else #hash
|
|
206
|
+
hash_service['array_campi'].each_pair{ |attribute, name_format|
|
|
207
|
+
attr_cons_service.add_element "md:RequestedAttribute", {
|
|
208
|
+
"Name" => attribute,
|
|
209
|
+
"NameFormat" => name_format
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
end
|
|
173
213
|
}
|
|
174
214
|
|
|
175
215
|
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
#Per EIDAS
|
|
179
|
-
# #AttributeConsumingService
|
|
180
|
-
# attr_cons_service = sp_sso.add_element "md:AttributeConsumingService", {
|
|
181
|
-
# "index" => "99",
|
|
182
|
-
# }
|
|
183
|
-
# service_name
|
|
184
|
-
# = attr_cons_service.add_element "md:ServiceName", {
|
|
185
|
-
# "xml:lang" => "it"
|
|
186
|
-
# }
|
|
187
|
-
# service_name.text = "eIDAS Natural Person Minimum Attribute Set"
|
|
188
|
-
# settings.requested_attribute.each_with_index{ |attribute, index|
|
|
189
|
-
# attr_cons_service.add_element "md:RequestedAttribute", {
|
|
190
|
-
# "Name" => attribute
|
|
191
|
-
# }
|
|
192
|
-
# }
|
|
193
|
-
|
|
194
|
-
# #AttributeConsumingService
|
|
195
|
-
# attr_cons_service = sp_sso.add_element "md:AttributeConsumingService", {
|
|
196
|
-
# "index" => "100",
|
|
197
|
-
# }
|
|
198
|
-
# service_name = attr_cons_service.add_element "md:ServiceName", {
|
|
199
|
-
# "xml:lang" => "it"
|
|
200
|
-
# }
|
|
201
|
-
# service_name.text = "eIDAS Natural Person Full Attribute Set"
|
|
202
|
-
# settings.requested_attribute.each_with_index{ |attribute, index|
|
|
203
|
-
# attr_cons_service.add_element "md:RequestedAttribute", {
|
|
204
|
-
# "Name" => attribute
|
|
205
|
-
# }
|
|
206
|
-
# }
|
|
207
|
-
|
|
208
|
-
|
|
209
216
|
end
|
|
210
217
|
#organization
|
|
211
218
|
organization = root.add_element "md:Organization"
|
|
@@ -216,12 +223,54 @@ module Spid
|
|
|
216
223
|
org_display_name = organization.add_element "md:OrganizationDisplayName", {
|
|
217
224
|
"xml:lang" => "it"
|
|
218
225
|
}
|
|
219
|
-
|
|
226
|
+
|
|
227
|
+
org_display_name.text = settings.organization['org_display_name']+(settings.aggregato ? " tramite #{settings.hash_aggregatore['soggetto_aggregatore']}" : '')
|
|
220
228
|
org_url = organization.add_element "md:OrganizationURL", {
|
|
221
229
|
"xml:lang" => "it"
|
|
222
230
|
}
|
|
223
231
|
org_url.text = settings.organization['org_url']
|
|
224
232
|
|
|
233
|
+
#ContactPerson per sp aggregato
|
|
234
|
+
if settings.aggregato
|
|
235
|
+
contact_person_aggregatore = root.add_element "md:ContactPerson", {
|
|
236
|
+
"contactType" => "other",
|
|
237
|
+
"spid:entityType" => "spid:aggregator"
|
|
238
|
+
}
|
|
239
|
+
company = contact_person_aggregatore.add_element "md:Company"
|
|
240
|
+
company.text = settings.hash_aggregatore['soggetto_aggregatore']
|
|
241
|
+
|
|
242
|
+
extensions_aggregatore = contact_person_aggregatore.add_element "md:Extensions"
|
|
243
|
+
vat_number_aggregatore = extensions_aggregatore.add_element "spid:VATNumber"
|
|
244
|
+
vat_number_aggregatore.text = settings.hash_aggregatore['piva_aggregatore']
|
|
245
|
+
|
|
246
|
+
ipa_code_aggregatore = extensions_aggregatore.add_element "spid:IPACode"
|
|
247
|
+
ipa_code_aggregatore.text = settings.hash_aggregatore['cipa_aggregatore']
|
|
248
|
+
|
|
249
|
+
fiscal_code_aggregatore = extensions_aggregatore.add_element "spid:FiscalCode"
|
|
250
|
+
fiscal_code_aggregatore.text = settings.hash_aggregatore['cf_aggregatore']
|
|
251
|
+
|
|
252
|
+
contact_person_aggregato = root.add_element "md:ContactPerson", {
|
|
253
|
+
"contactType" => "other",
|
|
254
|
+
"spid:entityType" => "spid:aggregated"
|
|
255
|
+
}
|
|
256
|
+
company = contact_person_aggregato.add_element "md:Company"
|
|
257
|
+
company.text = settings.organization['org_name']
|
|
258
|
+
|
|
259
|
+
extensions_aggregato = contact_person_aggregato.add_element "md:Extensions"
|
|
260
|
+
unless settings.hash_aggregatore['soggetto_aggregato']['vat_number'].blank?
|
|
261
|
+
vat_number_aggregato = extensions_aggregato.add_element "spid:VATNumber"
|
|
262
|
+
vat_number_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['vat_number']
|
|
263
|
+
end
|
|
264
|
+
unless settings.hash_aggregatore['soggetto_aggregato']['ipa_code'].blank?
|
|
265
|
+
ipa_code_aggregato = extensions_aggregato.add_element "spid:IPACode"
|
|
266
|
+
ipa_code_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['ipa_code']
|
|
267
|
+
end
|
|
268
|
+
unless settings.hash_aggregatore['soggetto_aggregato']['fiscal_code'].blank?
|
|
269
|
+
fiscal_code_aggregato = extensions_aggregato.add_element "spid:FiscalCode"
|
|
270
|
+
fiscal_code_aggregato.text = settings.hash_aggregatore['soggetto_aggregato']['fiscal_code']
|
|
271
|
+
end
|
|
272
|
+
end
|
|
273
|
+
|
|
225
274
|
#meta_doc << REXML::XMLDecl.new(version='1.0', encoding='UTF-8')
|
|
226
275
|
meta_doc << REXML::XMLDecl.new("1.0", "UTF-8")
|
|
227
276
|
|
|
@@ -268,6 +268,8 @@ module Spid
|
|
|
268
268
|
return false if validate_destination(soft) == false
|
|
269
269
|
#validazione status
|
|
270
270
|
return false if validate_status(soft) == false
|
|
271
|
+
#validazione inresponseto
|
|
272
|
+
return false if validate_presence_inresponseto(soft) == false
|
|
271
273
|
#validazione issuer
|
|
272
274
|
return false if validate_issuer(soft) == false
|
|
273
275
|
#validazioni varie su asserzioni
|
|
@@ -312,6 +314,11 @@ module Spid
|
|
|
312
314
|
end
|
|
313
315
|
end
|
|
314
316
|
|
|
317
|
+
def validate_presence_inresponseto(soft=true)
|
|
318
|
+
response_to_id_value = response_to_id
|
|
319
|
+
return (soft ? false : validation_error("InResponseTo non specificato o mancante")) if response_to_id_value.blank?
|
|
320
|
+
end
|
|
321
|
+
|
|
315
322
|
|
|
316
323
|
|
|
317
324
|
#validate status e status code
|
|
@@ -344,16 +351,16 @@ module Spid
|
|
|
344
351
|
end
|
|
345
352
|
|
|
346
353
|
def version_assertion(document)
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
354
|
+
assertion_nodes = xpath_from_signed_assertion()
|
|
355
|
+
@version_assertion = "2.0"
|
|
356
|
+
#ciclo sui nodi delle asserzioni, se uno ha una versione diversa da 2.0 ritorno nil
|
|
357
|
+
unless assertion_nodes.blank?
|
|
358
|
+
assertion_nodes.each{ |ass_node|
|
|
359
|
+
return nil if ass_node.attributes['Version'] != "2.0"
|
|
360
|
+
}
|
|
361
|
+
end
|
|
362
|
+
@version_assertion
|
|
363
|
+
end
|
|
357
364
|
|
|
358
365
|
def validate_version(soft = true)
|
|
359
366
|
unless version(self.document) == "2.0"
|
|
@@ -364,12 +371,12 @@ module Spid
|
|
|
364
371
|
end
|
|
365
372
|
|
|
366
373
|
def validate_version_assertion(soft = true)
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
374
|
+
unless version_assertion(self.document) == "2.0"
|
|
375
|
+
#return append_error("Unsupported SAML version")
|
|
376
|
+
return soft ? false : validation_error("Unsupported SAML Assertion version")
|
|
377
|
+
end
|
|
378
|
+
true
|
|
379
|
+
end
|
|
373
380
|
|
|
374
381
|
def validate_signed_elements(soft = true)
|
|
375
382
|
signature_nodes = REXML::XPath.match(decrypted_document.nil? ? document : decrypted_document,"//ds:Signature",{"ds"=>DSIG})
|
|
@@ -10,7 +10,7 @@ module Spid
|
|
|
10
10
|
attr_accessor :name_identifier_value, :name_identifier_format
|
|
11
11
|
attr_accessor :sessionindex, :issuer, :destination_service_url, :authn_context, :requester_identificator
|
|
12
12
|
attr_accessor :single_logout_service_url, :single_logout_service_binding, :single_logout_destination
|
|
13
|
-
attr_accessor :skip_validation
|
|
13
|
+
attr_accessor :skip_validation, :aggregato, :hash_aggregatore
|
|
14
14
|
|
|
15
15
|
def initialize(config = {})
|
|
16
16
|
config.each do |k,v|
|
data/spid-es.gemspec
CHANGED
|
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |s|
|
|
4
4
|
s.name = 'spid-es'
|
|
5
|
-
s.version = '0.0.
|
|
5
|
+
s.version = '0.0.26'
|
|
6
6
|
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
8
8
|
s.authors = ["Fabiano Pavan"]
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spid-es
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.26
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Fabiano Pavan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-07-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: canonix
|
|
@@ -73,7 +73,6 @@ extensions: []
|
|
|
73
73
|
extra_rdoc_files: []
|
|
74
74
|
files:
|
|
75
75
|
- ".document"
|
|
76
|
-
- ".travis.yml"
|
|
77
76
|
- Gemfile
|
|
78
77
|
- LICENSE
|
|
79
78
|
- README.md
|
|
@@ -141,8 +140,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
141
140
|
- !ruby/object:Gem::Version
|
|
142
141
|
version: '0'
|
|
143
142
|
requirements: []
|
|
144
|
-
|
|
145
|
-
rubygems_version: 2.2.2
|
|
143
|
+
rubygems_version: 3.0.8
|
|
146
144
|
signing_key:
|
|
147
145
|
specification_version: 4
|
|
148
146
|
summary: SAML Ruby Tookit Spid
|